Deluged with questions about home networks from friends and neighbors? Here's help. Introducing Network Life: The Expert's Guide to the Connected Home. Starts after page 18.


The  leader  in  network  knowledge  ■  www.nwfusion.com 


November 29, 2004 ■ Volume 21, Number 48


Carriers  jump 
into  auditing 

■  BY  DENISE  PAPPALARDO 

A growing number of major carriers are in effect addressing the problem of inaccurate telecom bills this way: “We’ll be happy to review and audit those bills for you, but for a price.”

Third-party vendors started offering telecom bill-auditing services to large corporations more than 10 years ago because billing errors were common and costly. Since then, carriers have improved billing systems, but those systems remain far from perfect. According to Aberdeen Group, up to 12% of all service charges on corporate telecom bills are in error.

This has spawned a booming telecom expense management industry — one the carriers are increasingly trying to muscle in on. Companies are expected to spend nearly $500 million on telecom

See  Audit,  page  12 


No patching panacea

Vendors say patch mgmt. should be part of a larger plan.

■ BY DENISE DUBIE

The recent Network World Virtual Showdown, “How best to patch,” drew six vendors together in a weeklong debate that ultimately concluded patch management is best viewed as one facet of a larger security strategy.

Among the six vendors invited to the debate — Altiris, BigFix, Citadel Security Software, Configuresoft, Shavlik Technologies and Symantec — all but Shavlik argued that patching should be integrated with technologies that take into account asset, configuration, compliance and vulnerability management.

Shavlik countered by saying patch management is too complicated and critical to be addressed by multi-purpose offerings.

See Patch, page 10

■ See the online debate: “How best to patch” at www.nwfusion.com, DocFinder: 4846


SPECIAL SECTION

Profiling cybercrime

Network threats and defense strategies

By many accounts the outlook on cybercrime is encouraging. Surveys show that cyberattacks are down, companies are losing less money and executives have more confidence in their defenses.

But there is growing fear that surveys aren’t telling the whole story. Some cybercrime, after all, goes undetected. And still more goes unreported because companies fear what the news would do to their image, say nothing of their stock price. Add to that the suspicion that cybercrime — once the domain of hackers and bored teens — has caught the eye of organized crime, and there is reason enough to wonder if we are simply in the eye of the storm.


Is  the  law's  arm  long  enough? 

Even  though  Congress  continues  to  propose  new  laws, 
it  seems  law  enforcement's  hands  are  still  tied. 

Serious  business 

The  FBI's  Dave  Thomas  says  today's  cybercrook  is  all 
about  the  bottom  line. 

Victim's  rights 

What  to  do  when  you  have  been  hit  by  a  cyberattack. 


INSIDE: 


Cybercrime 

The  trends  look  good,  but  ... 

Profiling 

cybercriminals 

Unmasking  the  people  behind  the  crimes 
is  a  promising  but  immature  science. 

The  battle  against 
cyberterror 

The  race  is  on  to  harden  critical 
infrastructure  before  cyberterrorists 
launch  attacks. 




The  server  platform  of  choice 

just  got  better. 


Introducing the Intel® Xeon™ processor with
support  for  32-  and  64-bit  applications. 

It  means  the  most  widely  used  server  platform 
in  the  world  can  now  work  even  harder. 

And new platform technologies enable increased power savings, flexibility and performance. For more information — and more choice — visit intel.com/business.


Support  for 
32-  and  64-bit 
applications 


Improved 

power-saving 

options 


Flexible  memory, 
I/O  and  storage 
configurations 


©2004 Intel Corporation. Intel, Intel Inside, the Intel Inside logo, and Intel Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. All rights reserved.


1.  LINUX  AND  SOLARIS™  OS 
APPLICATIONS  RUN  SIDE-BY-SIDE 

2.  CHOICE  OF  SYSTEMS - 
SPARC®,  AMD  OPTERON™,  INTEL 

3.  RUNS  ON  OVER  250  SYSTEMS  FROM 
OTHER  MANUFACTURERS 

4.  APPLICATIONS  RUN  UP  TO  30  TIMES  FASTER 

5.  MILITARY-GRADE  SECURITY, 

VIRUS-FREE  FOR  THE  LAST  20  YEARS 

6.  GUARANTEED  COMPATIBILITY* 

GUARANTEED  INDEMNITY 

7.  UP  TO  80%  SYSTEM  UTILIZATION 
(NO  MAINFRAME  REQUIRED) 

8.  SYSTEMS  AND  DATA  FIX  THEMSELVES 

9.  REVOLUTIONARY  NEW  FAILSAFE  FILE 
SYSTEM  FOR  DATA  PROTECTION 

10.  SCALES  FROM  1-WAY  TO  100-WAY 


MOVE  AHEAD  TODAY  AT 
SUN.COM/SOLARIS10 


©  2004  SUN  MICROSYSTEMS.  INC.  ALL  RIGHTS  RESERVED  SUN,  SUN  MICROSYSTEMS,  THE  SUN  LOGO.  SOLARIS  AND  THE  NETWORK  IS  THE  COMPUTER  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SUN  MICROSYSTEMS.  INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES.  ALL  SPARC  TRADEMARKS  ARE  USED  UNDER 
LICENSE  AND  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SPARC  INTERNATIONAL.  INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES. 

* SEE SOLARIS APPLICATION GUARANTEE PROGRAM FOR MORE DETAILS.


NetworkWorld 


News 


8  Carriers’  IT  spending  habits  are  changing. 

8  Citrix  takes  a  run  at  SSL  VPNs. 

12  Verizon  accused  of  slowing  Wi-Fi  rollout. 

14  Leeway  found  in  Wal-Mart’s  RFID  mandate. 

14  Sun  to  boost  storage  package. 

18  Cisco  CTO:  We  won't  be  commoditized. 


Net  Infrastructure  Technology  Update 

■  37  Federated  ID  facilitates  Web 
services. 

■  37  Steve  Blass:  Ask  Dr. 

Internet. 

■  38  Mark  Gibbs:  Clearing  our 
desk. 

■  38  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 


■  19  University  takes  go-slow 
approach  to  VoIP. 

■ 19 Tasman debuts integrated router.

■  20  Start-up  uses  software  for 
WLAN  IPS. 

Enterprise 

Computing 

■  23  Do  software  users  need 
indemnification? 

■  24  Dave  Kearns: 

Microsoft's  Ballmer  talks  the  talk. 

Application 

Services 

■  25  Application  mgmt.  service  on 
tap. 

■  25  Forum  adds  message 
queuing  support. 

■  28  Google  may  retail  Blogger 
service. 

■  28  Scott  Bradner: 

Quality  of  threats  rather  than  quality 
of  software. 

Service  Providers 

■  31  Verizon  weighs  in  on 
enterprise  nets. 

■  32  Johna  Till  Johnson: 

There's  a  need  to  illuminate  the 
darknet. 


Sony  Ericsson's 
P910i  is  packed 
with  features. 
Page  38. 


Opinions 


■  40  On  technology:  Talk 
among  yourselves. 

■  41  Chris  Shipley:  Living  the 
digital  life,  today. 

■  41  Howard  Anderson: 

Lassie,  come  home. 

■  66  BackSpin:  Linux  violates 
more  than  228  patents  —  big  deal. 

■ 66 'Net Buzz: Monitoring outbound e-mail may be unavoidable.

■  62  Career  classifieds. 


Profiling cybercrime:

Network threats and defense strategies

Once the domain of hackers and bored teens, cybercrime has become a serious business as criminals begin to profit from their online exploits. Find out how bad the problem is, what you can do to avert these calamities along with what the government is doing to curb the problem. Special section starts on page 42.


Network  Life 

The  expert's  guide  to 
the  connected  home 

Introducing  Network  Life,  a  quarterly  magazine 
designed to ease the job of answering questions from friends, family and colleagues about everything from broadband services to wireless networks and security requirements.

We  cover  the  hottest  products,  the  emerging 
trends  and  deliver  hands-on  product  tests 
—  everything  you  need  to  keep  up. 

Special  supplement  begins  after  page  18. 


Network World Fusion


www.nwfusion.com 


Exclusive 


Network  Life  online 

This  week,  Network  Life:  The  Expert's  Guide  to  the  Connected  Home 
debuts  after  page  18.  Find  the  latest  home  network  news,  reviews, 
how-tos  and  more  every  day  at  its  online  home. 

DocFinder:  4838 

Cool  Yule  Tools 

Not  sure  what  to  get  the  big  kids  on  your  list?  Not  sure  what  to  put  on 
your  wish  list?  Check  out  our  annual  Holiday  Gift  Guide,  where  we  give 
you  the  lowdown  on  more  than  150  cool  gifts,  from  cell  phones  and 
digital  cameras  to  video  games,  robots,  vending  machines  and  more. 

DocFinder:  4729 

Network  World  Fusion  Radio 

Get the inside scoop on hot technology issues, such as inexpensive servers, WiMAX, network security design and more. Stream the sessions to your desktop or download them as MP3s for later use.

DocFinder:  4839 

Case  studies 

Learn  best  practices  from  your  peers  to  make  the  most  of  technology, 
save  money  and  streamline  your  business.  DocFinder:  4840 

Seminars  and  Events 


Columnists 


The  2005  IT  Roadmap 
Future  Vision 

Are  you  tasked  with  managing  next-generation  security?  The  new  data 
center?  WANs  and  LANs?  Applications  management?  IP  telephony?  Wireless? 
Your  new  year  begins  early  at  this  Welcome-to-2005  Tech  Tour  event. 
Qualified  professionals  attend  free.  DocFinder:  4646 


■ CONTACT US NetworkWorld, 118 Turnpike Road, Southborough,
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  18 
for  more  contact  information.  REPRINTS:  (717)  399-1900 


Telework  Beat 

Survey  shows  government  employees  still  confused  about 
telework 

Net.Worker  Managing  Editor  Toni  Kistner  looks  at  survey 
results  that  contradict  a  federal  claim  that  "nearly  all"  agencies 
have  a  telework  policy.  DocFinder:  4841 

Wireless  Wizards 

Excessive RF interference

The Wizards answer a reader who asks: “Is there something other than a wireless network that could be interfering at Channel 11? We get 25% to 30% noise detected using AirMagnet. The interference could be at Channel 10. This appears to be common at every site, including our corporate building.” DocFinder: 4842

Small-Business  Tech 

Tritton  debuts  first  wireless  NAS 

Columnist James Gaskin says Tritton's new Wi-Fi NAS is a smart way to add storage to the living room network. DocFinder: 4843

Home  Base 

Don't  expect  regulatory  reform  in  2005 

Columnist Steve Ulfelder says home businesses are the secret weapon in the U.S. economy — despite antiquated local and IRS rules. DocFinder: 4844


Breaking  News 

Go  online  for  breaking  news  every  day.  DocFinder:  6342 

Free e-mail newsletters

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  6343 


SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 
Fax:  (508)  490-6400;  E-mail:  nwcirc@nww.com; 

URL:  www.subscribenw.com 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 


RANDY  LYHUS 


Where  IP  and  telecom  unite. 
Where  security  is  offensive,  not  defensive. 
Where  e-commerce  is  safe  commerce. 
Where  content  is  mobile  and  personal. 

Where  infrastructure  is  more  intelligent. 


VeriSign

Where  it  all  comes  together. 


Billions  of  times  each  day,  the  world  interacts  with  a  company  you  may  not 
realize  is  there.  One  that  is  driving  dynamic  transformations  at  the  very 
core  of  commerce  and  communications.  VeriSign.  Through  our  Intelligent 
Infrastructure  Services,  we  enable  businesses  and  individuals  to  find, 
connect,  secure,  and  transact  across  today’s  complex  Internet,  telecom, 
and  converged  networks. 

We  operate  the  systems  that  manage  .com  and  .net,  handling  14-billion 
Web  addresses  and  emails  every  day.  We  run  one  of  the  largest  telecom 
signaling  networks  in  the  world,  enabling  services  such  as  cellular  roaming, 
text  messaging,  caller  ID,  and  multimedia  messaging.  We  manage  network 
and  user  security  for  over  3,000  global  businesses  and  400,000  Web  sites. 


And we handle over 30 percent of all e-commerce transactions in North America, processing $100-million in daily sales. As next-generation networks emerge and converge, VeriSign will be there, deploying the Intelligent Infrastructure Services necessary for everything from RFID-enabled supply chains to inter-enterprise VoIP to mobile and rich media content distribution.

Whether  you're  a  telecom  carrier  looking  to  rapidly  deploy  new  services;  a 
Fortune  500  enterprise  needing  comprehensive,  proactive  security  services; 
or  an  e-commerce  leader  wanting  to  securely  process  payments  and  reduce 
fraud,  we  can  help.  We’re  VeriSign.  Where  it  all  comes  together.™ 


2004 VeriSign, Inc. All rights reserved. VeriSign, the VeriSign logo, "Where it all comes together," and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign and its subsidiaries in the United States and in foreign countries.


www.VeriSign.com 

Download  now:  Free  white  paper  on  Intelligent  Infrastructure  Services 



www.nwfusion.com 


The Good The Bad The Ugly


HP  gets  into  blog  game.  Starting  first  with  some  of  its  designers, 
HP  is  encouraging  employees  to  start  blogging  as  a  way  to  better  communicate 
with  the  technical  community.  Initial  blogs  tackle  topics  such  as  service-oriented 
architectures  and  XML.  Other  vendors,  such  as  Microsoft  and  Sun,  already  encourage 
their  employees  to  blog. 

Spiritual  spam.  Spammers  are  starting  to  find  religion,  and  naturally, 
they’re  sharing  it.  E-mail  security  services  company  MessageLabs  is  reporting  an 
emerging  trend  of  spam  that  includes  religious  content.  In  a  possible  variation  on 
the well-known Nigerian scam, one spam sender sought a “better Christian individual” to receive $18.6 million dollars for religious purposes.

Click  and  kill.  A  Web  site  operator  who  currently  enables  customers  to 
shoot  remote-control  rifles  at  targets  via  the  'Net  is  looking  into  giving  users  the 
added  thrill  of  hunting  down  live  animals  on  a  Texas  ranch,  according  to  Reuters. 
The  Humane  Society  is  appealing  to  the  National  Rifle  Association  to  help  snuff  out 
the  online  venture,  while  Texas  wildlife  officials  are  looking  at  what  steps  they  can 
take  to  stop  it. 

■ 


Number  portability  working  but  not  overwhelming 

■ Nov. 24 marked the one-year anniversary of local wireless number portability for wireless service providers across the U.S. This feature lets users switch their wireless phone numbers to another carrier. The FCC mandate on portability didn’t create the demand industry watchers expected, says Clint Wheelock, director of wireless research at In-Stat/MDR. The FCC reports 7.8 million wireless numbers were ported since last November, with more than 2.8 million ported after May. Tim Kridel, a senior analyst at Mobile Competency, says more users are taking advantage of porting, although not in droves. “Listening to carriers, about 30% of new activations are from porting” requests, Wheelock says. Despite some trouble at AT&T Wireless in late 2003, porting in general is going well, he says. For example, Verizon Wireless lowered a porting fee it was charging all customers. Verizon Wireless says that since March it has collected $15 million — 40 cents per month, per phone number — to help pay for the cost of managing porting. It is lowering its monthly charge to 5 cents per month, per phone number. Porting was expected to have a big effect on customer churn, Wheelock says, but instead it is “an amplifier to churn that was already happening. We didn’t see mass porting of numbers.” According to some users, taking their business to a new carrier while keeping their wireless numbers reduced their annual wireless service costs by half (see story at www.nwfusion.com, DocFinder: 4850).

Sygate  patch  targets  Google  vulnerability 

■ Sygate has shipped a fix for a vulnerability that lets Google Desktop Search cache Word documents that are supposed to be quarantined and purged from computer hard drives (DocFinder: 4851). The company is making the fix available to its customers and partners that sell versions of the software, including Array Networks, Aventail, Juniper and Netilla. The vulnerability affected only Word documents that were accessed during secure desktop sessions. Google Desktop Search, which is still in beta, managed to cache its content in clear text and to make that content available after virtual desktop sessions ended.

Juniper  expected  to  announce  new  router 

■ Juniper has an announcement slated for Dec. 6, the week of Cisco’s annual analyst meeting. Speculation has it that Juniper, in an effort to steal some of Cisco’s thunder, will announce availability of its TX multichassis router interconnect system along with a customer deployment. The TX is designed to connect multiple Juniper T-series core routers into a multi-terabit system and competes with Cisco’s recently announced and highly touted CRS-1 multi-terabit router. Juniper would neither confirm nor deny a TX announcement.

H-1B  visa  program  expanded 

■ Congress is letting employers hire 20,000 more foreign high-tech workers under a special visa program. Previously, businesses were limited to hiring no more than 65,000 workers annually through the H-1B visa program. They reached that figure in one day, Oct. 1. But Congress added the extra 20,000 in its $388 billion spending bill last week. A coalition led by companies such as Microsoft, HP and Texas Instruments pushed for the extension. H-1B visas are granted to foreign workers in specialty professions such as architecture, engineering, medicine, biotechnology and computer programming. Under the program, employers must pay foreign workers the prevailing wage for their job fields and show that qualified U.S. workers are not being passed over. Unions and other critics say the program lets businesses fill jobs with less-expensive foreign labor. Those that use the program say they cannot find enough Americans with the necessary math, science and engineering skills. In addition, Congress doubled H-1B visa application fees from $1,000 to $2,000.

HP  set  to  pay  for  reduction 

■ HP plans to spend $200 million over the next six months on staff reductions, the company said last week in a regulatory filing. It did not specify which business areas the staffing cuts would affect. The company has continuously adjusted its workforce since buying Compaq in 2002, which quickly led to cuts of more than 17,000 jobs from the combined company. HP estimated the total cost of its 2003 fiscal year restructuring plans at $791 million. In the first nine months of its 2004 fiscal year, which ended July 31, HP recorded restructuring costs of $101 million. HP has about 145,000 employees worldwide.


“Hee,  hee!  Do  you  remember 
those  pictures  I  said  I  would 

delete?” 


Paul  Clark  of  Monterey, 

Calif.,  is  laughing  over 
his  big  win  in  our  latest 
Weekly  Caption  Contest.  You  can  win,  too.  Check  back  each 
Monday  for  the  start  of  a  new  contest. 
www.nwfusion.com/weblogs/layer8 


Layer 


8 

NetworkWorld 

11/29/04 

News 

www.nwfusion.com 

Carrier  spending  habits  changing 

More  routers  being  purchased  for  IP  service  networks  than  Internet  backbone  connections. 


Service provider shift

Market watchers say this will mark the first time more routers are sold to U.S. carriers for use in non-Internet IP backbones than for Internet infrastructure.

Sales of service provider routers (U.S.): 2003: $3.9 billion; 2004: $5 billion

[Chart: % of sales for Internet applications vs. % of sales for non-Internet applications]

SOURCE: CIMI


■  BY  JIM  DUFFY 

Industry watchers say this year will mark a major milestone in IP networking: U.S. carriers will buy more routers for use in their private, premium-service IP backbones than for the Internet backbone.

By doing so, carriers will become less dependent on the hacker-prone Internet for their IP service infrastructure. As a result, customers can expect IP services that boast service level, security and availability parity with data services such as frame relay and ATM, but that support a wider range of applications.

Carriers’ new spending habits also indicate that they think they can make money in IP services — or at least more than they can offering ordinary Internet access. More profitable services should translate into more broadly available offerings, experts say.

“The Internet is becoming an application of IP and not the infrastructure itself,” says Thomas Nolle, president of consultancy CIMI, which has called attention to the carrier spending trend. “If service providers are going to build IP infrastructure, they’re going to build it to earn [an ROI]. WorldCom proved that you can be the biggest Internet provider in the world and you still can’t make money at it.”

Nolle says this year 53.6% of the $5 billion in sales of non-access routers to the top 27 U.S. service providers — the Big 7 RBOCs and interexchange carriers, and the top 20 ISPs — will be for public IP applications not connected to the Internet (see graphic).

AT&T’s Concept of One IP backbone, for example, carries Internet traffic but only in partitioned routes. Essentially, Internet traffic is an application riding a non-Internet IP infrastructure.

Such offerings signify a maturation of IP as an infrastructure and service that can carry business traffic reliably, securely and profitably, Nolle says. Until now, carriers acquired routers to support an Internet service or application; now they’re buying them as the foundation for a variety of services and applications.

BellSouth unveiled its regional private IP backbone — the BRIB — 18 months ago to offer RFC 2547 Multi-protocol Label Switching (MPLS) VPNs, VoIP and metropolitan Ethernet services within its region, yet with ISP peering arrangements for out-of-region applications, says Mark Kaish, BellSouth vice president of next-generation services. It’s less expensive to build and keep traffic on a private IP backbone, he says.

“What you’re really trading off is the cost of [Internet] transit and peering vs. the cost of bandwidth to keep it all on your own network,” Kaish says. “Since the telecom crash, the cost of bandwidth has been dropping like a rock.

“It’s giving customers the confidence to move from frame relay and private line to IP services,” he adds.

Business demand is on the rise for services such as Layer 3 MPLS VPNs that rely on private IP infrastructure, says Mark Bieberich, an analyst at The Yankee Group. Yankee recommends that companies migrating from frame relay or ATM to IP VPNs with VoIP consider private IP network-based services for their security capabilities and service-level agreements.

Another option, though, is a new breed of VPN service that Yankee calls “Public 2547” offerings. These ride on the Internet and are secured via MPLS-explicit paths. Public 2547 VPNs are aimed at customers constructing their own customer premises equipment-based VPNs that use the Internet for transport and encryption for security.

“Most enterprises believe that service providers have to have a private IP infrastructure today to ensure the security of their services,” Bieberich says. “But vendors and service providers are working together to break down some of those barriers to having to provision private services over a separate backbone.” ■


Citrix  buys  into  better  SSL  VPN  support 

With  purchase  of  Net6,  company  gains  broad  remote-access  capabilities. 


■  BY  TIM  GREENE 

Looking to provide customers with more secure remote access to corporate resources and possibly catapult it to the top echelon of SSL VPN vendors, Citrix Systems last week said it would buy SSL VPN vendor Net6.

The $50 million purchase should help the company attract new customers who are interested in remote access in general and in supporting IP voice and conferencing over the same infrastructure.

More online!

There's a lot to know about how SSL VPNs can help you offer secure remote access across the enterprise. For the latest information, tune into our IT Briefing Webcast featuring Senior Editor Tim Greene.

DocFinder: 1128

The deal ought to put the vendor among first-tier SSL VPN vendors such as Aventail, Juniper, Nortel and Cisco, says Robert Whiteley, an analyst with Forrester Research. “Net6 is a small start-up with a capable product. With Citrix’s [well-known] name, it can be the big brother that gets Net6 into big accounts.”

Citrix is best known for its MetaFrame software environment but has recast itself as a company that can connect voice or data traffic from any type of device — PC, handheld or wireless phone. Net6 products can help it along that road.

The Net6 Hybrid-VPN HVPN Gateway is an appliance that sits between corporate networks and the Internet, terminating SSL sessions with remote machines and proxying to servers behind corporate firewalls. In this it is like other SSL VPN gear. Unlike other SSL VPN gear, it intercepts traffic at Layer 2 and tunnels it over SSL, giving the remote user full access to client-server applications. This means that as applications and protocols are updated and changed, HVPN can handle them without requiring upgrades to HVPN itself, Net6 says.

The box also can perform remote control, letting remote users take control of their desktop PC back at corporate headquarters from a laptop in a hotel room, for example. It supports collaboration by letting users invite other users logged on to the same HVPN machine to work simultaneously on the same document. The company also plans to link IP voice sessions, letting HVPN act as a voice-conferencing platform or a form of PBX to switch phone calls among corporate users. Citrix says it will sell the Net6 products separately at first and work on integration over time.

Citrix already has an SSL VPN product, MetaFrame Secure Access Manager (MSAM), but it was designed for large corporations that are heavy MetaFrame users, says John Girard, vice president of Gartner. By adding an SSL VPN appliance that midsize and small companies can afford and manage, Citrix can more readily attract users outside its current customer set, Girard says.

Another drawback of MSAM is that it is software that runs only on Windows platforms, putting it at odds with businesses that have security policies forbidding placement of Windows servers between corporate firewalls in so-called DMZs and exposed to the Internet traffic, says Brian Madden, an independent technology analyst who follows Citrix.

Integration with Citrix products will bring new features to HVPN, says Tony Marzulli, senior vice president of product and demand marketing for Citrix. The company is developing software that can check the configuration of a remote device trying to access the network and, based on what it finds, grant more or less access, he says. It also will support a virtual desktop that prevents the content of remote sessions from being stored on the hard drive of the remote machine.

But Citrix has some work to do. Both configuration checking and virtual desktops are features already offered by other SSL VPN vendors including Aventail, Juniper and Netilla.

Citrix expects to close the deal for Net6 by year-end. ■




Patch 

continued  from  page  1 

“Patch  management  is  an  arduous  task 
and  requires  detailed  patch  analysis  and 
testing  to  ensure  networks  are  protected 
from  vulnerabilities,”  wrote  Chief  Security 
Architect  Eric  Schultze.  “Pure-play  patch 
management  vendors  are  best-suited  to 
address  these  potential  threats  due  to  our 
experience  in  dealing  with  the  intricacies 
of  the  patch  management  process.” 

The patch process at its most basic involves assessing systems for vulnerabilities, testing patches, deploying patches and then ensuring the patch deployed removed the vulnerability from the machine without causing performance problems.

Patching is often a reaction to new vulnerabilities, and most of the vendors argued their products can help companies be more proactive. Citadel, for example, advises users not to wait for updates to start the process. Citadel said IT enterprise managers should scan their networks to identify the assets that could be vulnerable, such as a misconfigured router or firewall, and eliminate the risk by plugging holes before a known threat is announced.

“Enterprise vulnerability management works on the basic premise that by removing the real problem — the vulnerability — you will minimize the number of threat occurrences to which your company is exposed,” wrote Carl Banzhof, CTO at Citadel.

BigFix and Configuresoft argued that patch management is simply a piece of the broader concept of security configuration management.

BigFix said this broader category “provides enterprises with a number of other capabilities, including mobile and endpoint security, configuration management, anti-virus and firewall management, asset discovery and inventory, and software distribution.”

“IT organizations face a growing need to simplify their environments and to maximize the value of the tools they deploy by combining security configuration and systems management functions into a common easy-to-manage solution,” wrote BigFix’s Gregory Toto, vice president of product management.

Industry watchers weighing in on the debate agreed. “Part of patching ties into vulnerability management, part of it goes back to software distribution, part of it is knowing the IT assets, and part of it is security configuration management,” says David Friedlander, a senior analyst at Forrester Research.

Some of the vendors said IT managers are losing patience with multiple tools and are looking for vendors to consolidate features in one product or software suite.

Take Brad Carpenter. The senior systems analyst for Lane County in Eugene, Ore., uses LANDesk Management Suite 8.1 software to monitor systems and augments it with LANDesk’s Patch Manager application plug-in to tackle patching.

LANDesk Management Suite maintains an up-to-date repository of his 1,400 client machines and the software running on them, including the patch versions. He was able to automatically populate the Patch Manager application with the desktop data from LANDesk’s larger suite, and that is the primary reason he picked LANDesk over a product he evaluated from pure-play vendor PatchLink.

“I already have my complete inventory of client machines, and I can write a vulnerability status query in one system and [the product] will show me all the machines that are affected,” he explains. “It’s just another piece of the same network view, and if I was using a separate tool for desktop management and patching, I would lose all my integration.”

Altiris offers modules that customers can mix and match to address specific management tasks, including patch. BigFix recently broadened its software to include systems management features, and security vendor Symantec could use software from its On Technology acquisition to combine software distribution tools with its vulnerability scans. Symantec has an OEM agreement with Shavlik to use its patch management software with Symantec’s vulnerability, intrusion-detection, anti-virus and other security tools.

“Patch management is just a small, yet critical component of the complete solution required for customers to create a more resilient infrastructure that is able to prevent, cope with and recover from unexpected events,” wrote Thom Bailey, director of product management at Symantec.

The  debate  also  featured  discussion 
about  the  difference  between  systems  that 
use  software  agents  on  managed  devices 
and  agent-less  approaches.  The  majority  of 
vendors  rely  on  agents,  but  Shavlik  offers 
customers  the  option  to  run  its  product 
agent-less. 

“An  agent-less  solution  is  much  easier  to 
deploy  across  networks  and  less  expensive 
to  maintain,”  Shavlik’s  Schultze  wrote.  “In 
addition,  the  ability  to  be  scanning  for  and 
applying  patches  within  minutes  is  a 
marked  advantage,  especially  in  this  era  of 
zero-day  exploits.” 

Yet  when  it  comes  to  remote  or  mobile 
clients,  BigFix  and  Configuresoft  argued  for 
agents  because  an  agent-less  network  scan 
relies  on  machines  being  connected.  The 
vendors  also  said  the  amount  of  control, 
depth  of  information  and  range  of  actions 
that  can  be  taken  on  servers  and  client 
machines  increases  exponentially  with  the 
use  of  agents. 

“The problem with agent-less approaches is that they are less scalable and often less robust,” said Randy Streu, Configuresoft vice president of product management. “The arguments for agent-based solutions include mobile support, scalability, robustness, lack of network delays and deeper inspections.”

On a similar note, vendors discussed how their products could address decentralized networks that don’t have a single operations center from which updates and

See  Patch,  page  11 


Too  many  cooks? 

Here  is  a  summary  of  Network  World’s  Virtual  Showdown  on  patch  management.  Many  companies  have  different  ingredients  to  alleviate  the  problem. 


Gregory Toto, vice president of product management, BigFix

Patch management needs to be part of a broader security configuration management solution that provides enterprises with other capabilities, including endpoint security, configuration management, anti-virus and firewall management, asset discovery and inventory, and software distribution.

An agent-based approach is a requirement for large enterprises. Real-time visibility of all computers in a network is critical. Real-time control is non-negotiable, as is mobile and remote endpoint management. Scalability isn't just numbers, it’s the control, speed and reliability with which you can remediate thousands of computers no matter where they are or how they connect to your network.


Eric Schultze, chief security architect, Shavlik

Shavlik believes pure-play patch management solutions offer a singular focus to provide network administrators the ability to develop detailed patch analysis, testing and deployment to protect networks from potential threats and vulnerabilities.

Our industry-leading patch management assessment and deployment functions are robust, accurate and simple to use, and have been incorporated in patch management products from partners such as BMC, BindView, iPass, Microsoft, NetIQ, Quest Software and Symantec. As a result, Shavlik solutions are used in more patch management solutions than all other patch management solutions combined.


Till von Ruexleben, vice president of product strategy, Altiris

Reactive patch management is nothing but a small patch on a big problem. The Altiris approach to endpoint security is more holistic. Beyond collecting and distributing patches, effective software security addresses patch management as a single component of a change and configuration management (CCM) process in which patches have a well-defined life cycle.

We see the stand-alone patch management market soon being consumed by the CCM market.

Other vendors typically license various parts of their software management offerings to compete, but in doing so place much of the burden of integration and uncertainty in the customer's lap. Meaningful ROI can be difficult to attain if a patch management product is difficult to install, maintain and integrate with a comprehensive software security management product.


Randy Streu, vice president of product management, Configuresoft

Gartner estimates that 95% of security breaches are caused by improper configurations and of those approximately one-third is because of missing patches, with the rest remaining in core configurations. Internal controls and regulatory compliance mandates such as Sarbanes-Oxley, HIPAA, GLBA and FISMA are forcing users to consider patch management in the context of a more holistic approach to security and configuration management.

Configuresoft's Enterprise Configuration Manager was the choice of nine of the Global 25 largest corporations to provide this continuous asset, configuration, security and change control management for servers, desktops and mobile devices.


Carl Banzhof, CTO, Citadel Security Software

Patch management is only a component of a broader set of IT processes and technologies that need to be established, enforced and managed across the enterprise. As organizations continue to run the patch treadmill, they are equally bombarded with numerous other types of vulnerabilities. These organizations understand the need for coordination between IT security and IT operations to close the gap on all vulnerabilities.

An Enterprise Vulnerability Management (EVM) solution provides organizations with the flexibility to mitigate vulnerabilities and models the customer's process. Go beyond patch management by implementing a proactive, holistic approach to EVM and deliver an integrated approach across the various groups responsible for security while automating as many steps as possible.


Thom Bailey, director of product management, Symantec

Patch management needs to be looked at as part of a bigger infrastructure implementation. Analyst research suggests that patch management touches a variety of areas within an IT operations process catalog.

There is no “one size fits all” approach to patch management. However, there is a common objective: to keep the organization up and running. It means enabling the integrity of the organization's infrastructure and its business-critical information by ensuring that it is both secure and available. This can be achieved by providing a resilient infrastructure that is able to prevent, cope with and recover from unexpected events.



Patch 

continued from page 10

patches are sent.

Guest expert Felicia Nicastro, a principal consultant with International Network Services, asked vendors, “How do you enable management of globally distributed environments for large, more complex customers?”

BigFix’s Toto chimed in, explaining how agents installed on every managed machine continuously monitor the system and “since all clients are working in parallel at the same time, the central server is never a bottleneck and BigFix can manage many tens of thousands of agents on a single BigFix Enterprise Suite server.”

Peter Stapleton, director of Computer Associates’ eTrust Managed Vulnerability Service, joined the debate, saying “the greatest challenges for decentralized organizations are often procedural or process-based” and do not concern specific technology, patch or otherwise.

With  customers  preferring  integrated 
tools,  industry  watchers  expect  the  market 
to  tilt  toward  larger  companies. 

“There are plenty of vendors doing just pieces of [patch management], and what customers need is an integrated software product that can tackle all the elements in a distributed environment,” said Fred Broussard, a senior analyst at IDC.

Security vendors such as Citadel and Symantec are likely to expand patch features in their product suites. Systems management vendors such as Altiris and Configuresoft say patch is a natural extension of their change and configuration management tools.

“It’s actually surprising that more pure-play patch vendors haven’t been acquired,” Forrester’s Friedlander said. He said bigger security vendors such as McAfee and Trend Micro would be most likely to acquire pure-play vendors because patching is the responsibility of the security team in most IT shops.

Management heavyweights such as BMC Software, HP and Computer Associates also potentially could acquire pure-play vendors to round out their security software suites.

BMC’s acquisition of systems management software maker Marimba has industry watchers speculating the vendor already could be pumping up its patch offerings. HP is set to announce this week product details related to its acquisition of Novadigm, which is likely to address HP product holes in the areas of change and configuration management and security.

Computer Associates’ Stapleton said his company already can tackle the multifaceted patch problem.

“What CA has done is address the problem of vulnerability management and applied our experience in enterprise management with particular emphasis on change control and configuration management,” Stapleton said. “The basic challenges of knowing what you have (asset management), knowing who should be able to access it (identity management), and knowing the risk to your enterprise (threat management) are cornerstones of the CA offerings.” ■


More online!

What shape will technology take in 2005? Be the first to see top solutions that will impact networks at an upcoming Tech Tour event called “The 2005 IT Road Map.”

DocFinder 4446




Audit 

continued  from  page  1 

expense  management  tools  and 
services  this  year,  according  to 
Gartner,  an  increase  of  about  $120 
million  over  2003. 

MCI already provides auditing services, Verizon is testing an offering, and Sprint has a toe in the water. AT&T officially denies any interest in providing such services, but one industry analyst told Network World that he has heard differently from the nation’s largest carrier.

The carriers providing these services have a mountain of doubts to overcome.

“I'm skeptical,” says Christa Degnan, director of supply-chain research at Aberdeen. “The carriers are getting beat up by enterprise companies who have woken up and realized how badly the carriers have been screwing them. Now the carriers are going to charge to bill them correctly?”

Another  analyst  also  questions 
the  service. 

“It’s like the fox watching the hen house,” says Peter Firstbrook, program director at Meta Group. “Especially when you consider that 20% of the problem [for auditors] is finding the error and 80% is getting the carrier to pay up.”

One customer who audits his own telecom bills monthly says he does not see any value in turning that chore over to his carrier.

“The carrier is billing me, so why would the carrier audit itself?” asks the IT director at a Massachusetts company who asked to remain anonymous. “They screw up my bills and then want me to pay to correct their mistake? No, I would not be interested in that service.”

However,  such  skepticism  is  not 
universally  shared. 

RKA Petroleum, a Romulus, Mich., utility company, also has been auditing its telecom bills in-house. But the company “could greatly benefit from . . . audits of monthly bills from our telecom providers,” says IT Director Jason Hittleman. He does not like how some independent auditing companies base their fees on how much money they save customers.

“We would be interested in such services from our carriers, even if they charged an additional monthly fee,” Hittleman says. “The bottom line is that these types of services would save us time and money.”

Looking  for  trouble 

Independent auditing companies such as Avotus, Control Points Solutions (formerly Broadmargin and Teldata Controls), MSS Group, Granite Telecommunications and ProfitLine typically search for three types of errors: math; non-compliance with contract terms; and mistakes with moves, adds or changes whereby the carrier continues to charge for a line that was canceled.

Some auditing companies charge customers based on savings found, but others charge a flat monthly fee for ongoing services whether they save a user $1,000 or $10,000 per month. The latter pricing method is most recommended by industry experts.

Just how much carriers are charging or plan to charge is murky.

Verizon is testing its bill-auditing service, which it likely will introduce to customers in a variety of flavors, including a pay-for service. But details on how much customers will have to pay have not been determined. Separately, MCI charges its outsourcing customers for its bill-auditing service, but the fees are part of a total outsourcing contract, not a line item that’s specifically identified as bill-auditing services.

■ Read about a company whose software is designed to help companies better track their telecom assets. PAGE 31

Verizon officials say the competitive landscape compels them to offer enhanced services such as auditing.

“Being just a plain old telephone company just doesn’t work anymore,” says Peggy Foley, director of billing systems and e-media at Verizon. “Just like every other company out there we have to be the most cost-effective and efficient, and we need to help users get the most bang for their buck.”


Cleaning up

Corporate telecom users will spend nearly $500 million on expense management tools and services this year, according to Gartner.

They’ll be spending about twice that much by 2008, the research firm predicts.


Verizon plans to roll out its bill-auditing services next year. The carrier has a pilot bill-auditing and -analysis service underway with a Fortune 50 financial company, Foley says, although she would not name the firm.

In  the  pilot  Verizon  is  analyzing 
only  its  own  bills,  not  telecom 
invoices  from  other  carriers,  but 
the  carrier  intends  to  do  both. 

As  for  the  criticism  that  bills 
should  be  accurate  in  the  first 
place,  Foley  agrees  to  a  point. 

“Our billing should be accurate and timely,” she says. “We should be doing analysis proactively and billing correctly and being sure we have the system functions and capabilities to do it. This is our long-term goal. A lot has improved in the last 18 months, but it’s not perfect.”

Verizon still plans to charge for its auditing services. Foley envisions a three-tier program. The first tier would offer a free self-service portal where customers could view their bills online and run a handful of reports. This feature is actually offered today for no additional charge.

The second tier would offer enhancements with “a human touch.” There would likely be a nominal additional fee for the mid-tier service. The third tier would have features ranging from telecom expense management to monthly bill analysis and bill payment, Foley says.

MCI is taking a different approach. The carrier actually has offered bill-auditing services to outsourcing customers for about seven years, says Bill Messerle, director of outsourcing service delivery. An MCI outsourcing customer typically hands over its telecom reins to the carrier, putting MCI in charge of everything from purchasing access ports from local exchange carriers to buying and installing new routers. In other words, MCI becomes the customer’s telecom manager, which in many cases includes receiving all telecom bills. It’s a natural environment to also support bill auditing for all a customer’s service provider invoices, Messerle says.

MCI offers customers a repository for third-party vendor invoices whereby the carrier does “high-level evaluation, including historical trending and spot-checking,” Messerle says. “If we find errors we do a targeted, deep dive and check invoices.”

The latter includes verifying users are being charged the correct rates for all services and being charged only for services they currently use.

Messerle says more users are asking for this feature. “We are seeing more interest lately, which might stem from the complexity of services offered today,” he says.

Sprint has taken yet another approach to telecom expense management. Quarterly, the carrier consults with its managed data service customers to go over their telecom usage, says Mickey O’Dell, product marketing manager. For example, if a customer originally bought 20 T-1s and five of those do not require 1.544M bit/sec of bandwidth, Sprint can adjust that and appropriately size the network on an ongoing basis, he says.

While Sprint is not offering a bill-auditing service, the carrier does review Sprint bills for managed service users that make the request, O’Dell says. The bill review is more of a line-by-line analysis, he says, and there are no plans to offer more detailed bill-auditing services. ■

Get more information online.
DocFinder: 4849
www.nwfusion.com


Law could sway Philly Wi-Fi rollout

■  BY  STEPHEN  LAWSON 

A proposed Pennsylvania law now on its way to the governor’s desk could pose a hurdle for Philadelphia’s ambitious plan to provide citywide Wi-Fi broadband service.

One provision of House Bill 30 (HB30), a wide-ranging telecom regulation bill that earned final approval by the state House and Senate last week, would prohibit a government or any entity it creates from offering broadband for a fee.

Philadelphia’s city government is studying plans to deploy Wi-Fi wireless LAN access points throughout the city, each offering IEEE 802.11b access and linked to others via a wireless mesh network, says Dianah Neff, the city’s CIO. Deployment has been scheduled to begin in June 2005 and should be completed by June 2006.

The $7 million to $10 million project is intended to encourage economic growth and help poor residents access the Internet with a broadband service priced at an estimated $15 to $25 per month, she says. HB30 would eliminate three of the five possible business models that Neff and the Wireless Philadelphia Executive Committee are studying, she says.

“It  will  make  it  more  difficult.  It  will  not  kill  the  project,”  Neff  says. 

The city could provide the service for free, but it is unlikely to find a funding source for that, she says. Alternatively, it could offer the service through a consortium of private companies that would sell it to the public — probably at a higher price, Neff says.

The  language  on  government-supplied  broadband  in  the  bill  would 
hand  a  big  favor  to  Verizon,  the  incumbent  regional  telecom  carrier  in 
Philadelphia,  according  to  Gary  Tuma,  press  secretary  to  state  Sen. 
Vincent  Fumo,  a  Democrat  who  opposed  the  bill.  Verizon  has  fallen 
short  on  its  promises  to  build  a  more  up-to-date  network  over  the  past 
10  years,  contributing  to  the  lack  of  broadband  availability,  he  says. 

“It’s one of many efforts being made by Verizon to prevent competition,”
Tuma says. “What was going on here was an intense lobbying effort by
Verizon to get a version of the bill they were happy with.”

Verizon disputed that charge. The carrier has invested $8.5 billion in
infrastructure in Pennsylvania over the past 10 years, and competition is
thriving in the state, says company spokeswoman Sharon Shaffer.

Local governments that get into the broadband business risk pouring
taxpayer dollars into projects that don’t pay off, Shaffer says. In
addition, they enjoy competitive advantages that include having access to
public funds and not having to pay taxes, she adds.

Still,  regional  and  long-distance  phone  companies  have  in  recent 
months  campaigned  to  crush  municipal  wireless  initiatives  like 
Philadelphia’s  as  many  cities  have  either  begun  or  announced  public 
Wi-Fi  plans  —  from  San  Francisco  to  St.  Cloud,  Fla. 

Lawson  is  a  correspondent  with  the  IDG  News  Service. 




Leeway  found  in  Wal-Mart’s  RFID  mandate 

About  30%  of  retailer’s  top  100  suppliers  are  expected  to  reach  full-scale  implementation  by  January. 


■  BY  ANN  BEDNARZ 

Wal-Mart’s January deadline for its top 100 suppliers to begin shipping
cases and pallets outfitted with radio frequency identification tags is
just around the corner — in theory. The reality is, compliance is going to
be a multi-year effort, analysts say.

According to ABI Research, only about 30% of Wal-Mart’s top 100 suppliers
will have accomplished full-scale RFID implementations by January. The
remaining 70% have only been testing the waters with shallow
“slap-and-ship” efforts. (“Slap-and-ship” refers to adding RFID tags at
the distribution center, simply to meet retailer requirements, as opposed
to integrating RFID technology early in manufacturing processes.)

“This mandate was never as big and hard and fast as it looked from the
outside,” says Steve Banker, service director for supply chain management
at research firm ARC Advisory Group. Banker talked to 24 companies that
have actively invested in an RFID infrastructure, including 19 that are
Wal-Mart suppliers.

He expected to hear that these Wal-Mart suppliers would be putting RFID
tags on all their cases and pallets going to Wal-Mart’s three designated
RFID-ready distribution centers in Texas. But that isn’t the case.

“Several of those 19 companies, including some of Wal-Mart’s top eight
suppliers, were RFID-tagging less than a dozen [stock-keeping units]. On
average, companies were probably tagging about 20 to 30 SKUs, instead of
the hundreds of things that they sell to Wal-Mart.”

One reason the laggards have been half-hearted in their compliance efforts
is a lack of technical assistance. “The truth is that there haven’t been
reputable integrators in the market,” says Erik Michielsen, a director at
ABI Research, in a statement. “Only now are we seeing Sun, HP, IBM, Oracle,
SAP and Microsoft getting involved at the product and personnel level.”

The technology is a little messy and some of the vendors and consultants
aren’t as good as expected, Banker adds. Among the suppliers, the
projected ROI is disappointing, too. Nearly all the suppliers Banker
talked to say it will take more than two years to achieve a payback for
deploying RFID technology. Only one company said it could obtain payback
in less than two years.

“The suppliers don’t believe that many of the benefits they would like to
reap are going to become possible until this technology becomes far more
reliable,” Banker says. The reliability of RFID readers needs to improve
greatly, for example.

According to rough figures from ARC Advisory Group, a company that ships
50 million cases a year to Wal-Mart might spend $10 million for RFID tags,
assuming 20 cents per tag; $1 million to prepare the RFID infrastructure;
and $500,000 to tune warehouse processes, including adding labor.

So  is  Wal-Mart  disappointed? 
The  goal  was  and  remains  100% 
compliance,  but  the  retail  giant 
built  some  flexibility  into  its  plans 
all  along,  according  to  company 
spokesperson  Gus  Whitcomb. 

Participation is expected: Of its top 100 suppliers, just two were allowed
to back away from the January 2005 deadline, Whitcomb says. One was
excused because it was taken over by another company, and the other
because it was in the middle of switching over all its systems, and adding
an RFID implementation to its plans would have been too taxing, he says.

The  other  98  of  Wal-Mart’s  top 
100  suppliers  will  be  participating 
in  the  RFID  rollout  come  January, 
along  with  38  other  companies 
that  voluntarily  joined  the  first 
wave  of  RFID-ready  suppliers. 

Where flexibility exists is in the percentage of shipments to be tagged,
Whitcomb says. Wal-Mart has worked with suppliers on a case-by-case basis
to see if it’s possible to tag 100% of their Texas-bound cases and pallets.

“That’s where the flexibility has always been. We challenged them to do
100% because ultimately we think we can get there. But if they came back
and said their supply chain didn’t work that way or that would cause them
to have to make massive changes, then obviously we said, ‘OK, well what
can you do reasonably?’ And that’s what we’ve been working with them on.”

Wal-Mart’s current estimate is that by the end of January the 136
participating suppliers will be tagging about 65% of the product cases and
pallets that get sent to the three Texas distribution centers, Whitcomb
says.

Analysts  say  the  leeway  is 
necessary. 

“Wal-Mart didn’t expect this battle to be won by Jan. 1, 2005,” Michielsen
says. “What it did was create an incentive structure that pushed its
partners in the market to better understand the technology while standards
were being developed and innovation was taking place. Wal-Mart’s goal is
to get companies to integrate this technology into their changing business
processes.”

Wal-Mart was amenable to delays, the suppliers told Banker. “Companies
could make a valid argument for starting smaller, and learning, and then
growing as they discover how to do this more profitably. Wal-Mart was
willing to listen to that,” Banker says.

Wal-Mart’s deadline leniency doesn’t mean suppliers are relaxing, however.
“The suppliers I talked to are doing everything in their power to meet the
commitment that they made to Wal-Mart,” Banker says. “What they verbally
committed to, they’re breaking their backs trying to do.” ■




Sun  to  boost  storage  package 


■  BY  DENI  CONNOR 

Sun is expected in the next six months to introduce software and hardware
that lets IT managers virtualize, manage and replicate data across a host
of vendors’ storage arrays.

The company is set to announce that its StorEdge 6920 array, working in
concert with a release of its Enterprise Storage Manager software,
code-named Unity 3.0, will let customers with data residing on storage
arrays from HP and EMC pool data with that of the 6920 for management and
other purposes. The 6920 supports 4T to 65T bytes of storage.

Sun is one of the first vendors to virtualize a mid-range storage array.
IBM provides virtualization for its mid-tier DS array family with its SAN
Volume Controller. IBM, HP and Hitachi Data Systems also provide
virtualization for their high-end storage arrays. EMC has promised pooling
and subsequent replication and migration for its Symmetrix DMX and
mid-range Clariion systems when it introduces its Storage Router next year.

The StorEdge 6920 array incorporates the data services platform hardware
technology acquired from Pirus Networks more than two years ago.

Data services platforms let the 6920 host intelligent storage applications
such as migration, replication and tiering of data for information
life-cycle management.

Software embedded in the data services platform, called Storage Pool
Manager, provides virtualization of storage systems connected to a
StorEdge 6920.

The StorEdge 6920 array supports up to 65T bytes of storage.

“The Storage Pool Manager software allows administrators to create storage
pools across the attached storage systems and then allocate [logical unit
numbers, which carve up storage space], from the storage pool,” says Randy
Kerns, senior analyst and partner at Evaluator Group.

“The Storage Pool Manager software has predefined storage profiles that
can be targeted at easing the provisioning workload and optimizing storage
operations,” Kerns says.

The data services platform software in the 6920 also lets customers create
storage partitions or domains that can be securely assigned to individual
business processes or groups of users for chargeback or utilization
purposes.

The  StorEdge  6920,  which  Sun 
introduced  in  September,  will  be 
managed  from  a  standards-based 
Storage  Management  Interface  Specification-based 
portal  in  Enterprise  Storage  Manager. 

The Unity 3.0 virtualization capability is expected to enter beta testing
as soon as January and ship in May or June. Future releases will support
virtualization of EMC Symmetrix, IBM Enterprise Storage Server, HP Storage
Works 12000, Hitachi TagmaStore and Engenio storage arrays.

Pricing has not been set for the individual data services platform
components such as remote replication, but virtualization capability will
be included at no cost with the Sun StorEdge 6920 array. ■




Redline Networks helps medical records management firm ChartOne cure
network pains and boost the business case for its Web-enabled ERP apps.


NO  IT  EXECUTIVE  LOOKS  FORWARD  TO  ASKING  upper  management 
to  spend  $200,000  on  a  major  system  upgrade.  But  Henry  Svendblad, 
director  of  IT  at  ChartOne,  Inc.,  felt  he  had  little  choice. 


ChartOne,  based  in  San  Jose,  California,  sells 
technology  and  services  that  help  health  care 
institutions  easily  and  cost-effectively  access  and 
manage  patient  records.  To  better  serve  its 
customers,  which  represent  20%  of  hospitals  in  the 
U.S.,  and  to  ease  the  burden  on  its  own  IT  staff,  the 
company  wanted  to  migrate  its  ERP  applications  to 
the  Web. 

Like  many  companies  transitioning  to  Web- 
based  applications,  ChartOne  hit  performance 
snags  that  no  amount  of  application  tuning  and 
new  hardware  could  cure.  Only  after  two  years  of 
trial  and  error  did  ChartOne  find  a  cure  in  Redline 
Networks,  which  makes  a  family  of  appliances  that 
deliver  a  broad  set  of  capabilities  to  ease  the 
network  burdens  and  boost  the  business  case  for 
Web-enabled  applications.  With  Redline's  E|X  3250 
enterprise  application  processor  handling  I/O 
processing,  connection  management,  compression, 
load  balancing  and  SSL  processing,  ChartOne 
customers  and  internal  users  are  now  experiencing 
the  performance  they  require  —  and  the  company's 
IT  group  is  realizing  the  administrative  benefits  that 
Web-enabled  applications  can  bring. 


ON  THE  WEB  TRAIL 

ChartOne's odyssey began in July of 2001, when the company began migrating
its homegrown client/server enterprise applications to PeopleSoft 8, a
Web-based ERP suite. "We were expecting growth of 20% to 30% a year, and
we felt we needed a big ERP system," Svendblad says. In addition, thin,
standardized browsers would require far less IT support than fat,
homegrown clients.

If  ChartOne  was  going  to  offer  Web-based 
patient  records  management  services,  Svendblad 
also  felt  the  company  "should  eat  our  own  dog  food" 
and  use  a  Web-based  application  platform  internally. 

Webification proved to have its challenges, however. As more application
modules and users moved onto the new infrastructure, response times slowed
to a crawl. Employees at the company's 10 remote offices sometimes spent
hours waiting for tickler screens that had taken minutes to display under
the old client/server system. The 10- to 15-person offices had plenty of
bandwidth, IT staffers knew: In anticipation of the migration to
PeopleSoft 8, they'd deployed T1 links to each site.

Users on the corporate LAN were also having difficulties. By far, the
worst off was the accounts receivable department, which processes more
than 300,000 transactions per month. Productivity had dropped by 20%
because of response time degradation. "During peak usage periods, it was
taking people minutes to go from screen to screen," Svendblad says.


ChartOne's  Challenges 


•  Web-enabled  enterprise  applications  were 
overloading  servers. 

•  Server  processors  were  at  80%  to  90% 
utilization  levels  during  peak  traffic  periods. 

•  Slow  response  time  over  corporate  LAN  was 
hurting  user  productivity. 

•  Remote  users  waited  hours  for  screen 
downloads. 


The  Redline  Networks  Cure 


•  Average  server  CPU  utilization  during  peak 
usage  now  between  10%  and  15%. 

•  Response  time  returned  to  desirable  levels 
for  local  and  remote  users. 

•  Remote  sites  no  longer  need  terminal  servers. 

•  Bandwidth consumption decreased approximately 70%.

•  Savings  of  $200,000  by  avoiding  major 
hardware  upgrades. 


Photograph  by  Robert  Houser 


ADVERTISING 


ChartOne  Cures 
Data  Center  Pain 


[Figure: network diagram. Redline appliances sit between the Internet and
firewall and the Web server farm, application server farm and database
server farm, which connect through fiber switches to data storage on a
storage area network. Applications shown: PeopleSoft (Portal, HR, CRM,
Financial, EPM) and Hyperion Business Performance Management.

Improved Performance: Accelerated PeopleSoft and Hyperion; improved
scalability of existing servers and switches.

Higher Availability: Eliminated client-server in remote sites; simplified
network infrastructure.

Easier Management: Reduced number of costly security certificates; saved
$200,000 in server upgrades.]


IN SEARCH OF A CURE

As user complaints mounted, the IT staff began looking for remedies.
PeopleSoft and Oracle — ChartOne's application vendors — initially
suggested fine-tuning their applications. "With a thin Web client, ERP
systems involve complex querying in the background," Svendblad explains.

When tweaking back-end software produced little improvement, ChartOne
tried upgrading its server hardware. It deployed another Sun 420R
application server and storage box, then migrated the main financial
server from a 420R to a more powerful SunFire server. "Performance
improved slightly, but we were still looking at CPU usage in the high 80%
to 90% range during peak processing time," Svendblad says. "And our phones
were still ringing off the hook."

Pressed for answers, ChartOne even took the radical step of supplying
remote offices and home workers with terminal servers. While that
substantially improved response time, maintaining the devices offsite was
a major burden on the IT support staff. "It was like we'd gone back to a
client/server setup," Svendblad says, noting the setup also strained
budgets and IT resources.

Meanwhile, Web and application servers were still maxing out during peak
usage periods. A major upgrade seemed inevitable. "It looked like we
needed a new [BEA Systems] WebLogic server, a new database server and a
third server for finance," Svendblad says. His team priced out three
SunFire servers on the second-hand market at about $50,000 apiece. He also
budgeted $50,000 for a LAN upgrade, bringing the total budget hit to
$200,000, which Svendblad calls a conservative estimate.


ONE  VERY  BRIEF  PILOT 

Just  as  he  was  about  to  swallow  that  bitter  pill, 
a  former  colleague  told  Svendblad  about  Redline 
Networks  in  Campbell,  Calif.,  and  its  family  of 
appliances  that  help  enterprises  manage  the 
network  impact  of  Web-enabled  applications  and 
improve  their  business  case. 

In the summer of 2003, ChartOne deployed Redline's E|X 3250 enterprise
application processor in front of its WebLogic servers. The Redline device
took over complex scheduling of TCP requests and connection management
chores for as many as 150 users, saving the Web servers' CPU and memory
resources for other activities like page generation. The E|X also
performed data compression to speed up server response and conserve
bandwidth.

Svendblad's group started out with a pilot test within the accounts
receivable group, which took the biggest performance hit after moving to
PeopleSoft 8. Setting up users was simple and transparent, Svendblad
reports: "I just changed the local DNS setting, and when users clicked on
the PeopleSoft icon, they were routed through the Redline box. We didn't
have to change anything on our existing architecture, or on the WebLogic
or PeopleSoft servers."

User  response  was  fast  and  dramatic.  "People 
were  asking  us  if  we'd  put  some  magic  juice  in  their 
system,"  Svendblad  reports.  When  word  spread, 
end  users  not  involved  in  the  pilot  "were  pounding 
on  our  door  saying,  'Whatever  you  did  for  her,  do 
for  me!"'  It  may  have  been  the  shortest  pilot  on 
record:  A  day  after  the  test  started,  the  company 
routed  all  the  other  users  through  the  Redline  box. 

TALLYING  THE  BENEFITS 

Once  the  bulk  of  users  was  online,  the  benefits 
of  the  Redline  device  really  began  to  kick  in, 
Svendblad  reports.  Average  CPU  consumption 
during  peak  processing  time  plummeted  from  80% 
or  more  to  less  than  15%.  Bandwidth  consumption 
decreased  approximately  70%. 

The  E|X  3250  now  handles  SSL  encryption, 
as  well.  "We  have  security  without  burdening 
our  servers  with  managing  certificates  or  with  SSL," 
Svendblad  says.  The  company  also  saves  money  on 
SSL  certificates,  since  it  needs  only  one  for  the 
Redline  box  instead  of  one  for  each  server. 

Over  the  past  year,  ChartOne  brought  its 
customer  relationship  management,  HR  and 
Hyperion  Business  Performance  Management 
applications  behind  the  Redline  box.  Most  recently, 
the  company  added  its  View  Manager:  Chart 
Management  Suite  of  ASP  offerings  to  the  set  of 
applications  front-ended  by  the  E|X  platform. 


After ChartOne installed the Redline Networks E|X 3250, user response was
dramatically faster. "People were asking us if we'd put some magic juice
in their system," says Henry Svendblad, director of IT.


ChartOne's hundred-odd remote and mobile users have completely eliminated
their terminal servers and use a standard Web browser to access all
applications, via the E|X 3250. "The user experience is improved, and our
support costs are lower," Svendblad says.

The bottom line: ChartOne successfully implemented a Web-enabled ERP
platform with a "single box solution" that addresses critical Web tier
issues while dramatically improving the business case by increasing user
productivity and avoiding costly hardware upgrades. End users now
experience the same response time levels and productivity they had with
customized fat clients — but IT no longer has the support burden. Says
Svendblad: "I think that's pretty impressive."


LEARN  MORE  ABOUT  REDLINE  NETWORKS  ONLINE 


Read what leading analysts and other customers say about Redline Networks
at our new InfoCenter, or call us at:

1.877.550.6420

Visit: www.redlinenetworks.com/infocenter


Sponsored  by 


REDLINE 

NETWORKS 



Cisco CTO: We won't be commoditized

Charlie Giancarlo, a Cisco veteran, took over as the company’s CTO four
months ago. In that role, he contributes to and communicates the company's
overall technology strategy. What’s more, he leads Cisco’s $500 million
Linksys division, which serves consumers and the small office/home office
market. Here’s an edited transcript of Network World Senior Editor Phil
Hochmuth's recent discussion with Giancarlo.

How are you handling the two jobs?

It keeps me out of trouble. Linksys is a very different business model.
It’s one that’s of great interest to Cisco for a number of reasons. One
interest is purely the products themselves. As the Internet starts to
incorporate more and different types of services for consumers, Linksys
will be the brand of devices that converts packets into useful services.
It’s important to us from that standpoint. ... What we do at Linksys is of
so much interest to our current customer base, especially to service
providers, because Linksys and service providers are largely selling to
the same customer base.

Linksys is also important to us because it is the first time Cisco has
gone into a business that has a really different business model. So we’re
learning a lot in the area of running the two different business models in
the company. That’s an important lesson for us because as we continue to
expand as a company we foresee the possibility of going into yet other
areas that may not only be different from a product perspective, but also
from a business model perspective.

What's behind Cisco's recent spate of high-profile VoIP wins, such as
with Boeing, Ford and Bank of America?

Things have been building up. We’ve had a very large number of customers —
over 40 — with over 5,000 phones. A significant number, over a dozen with
over 10,000 phones, operating on a single IP environment. Cisco itself has
almost 60,000 phones operating in an IP telephony environment — the
largest in the world by a significant amount. Customers have been planning
for quite a long time to converge their networks. That’s been happening
with larger networks, and now we’re getting to the kinds of numbers that
people sit up and take notice of, with [Bank of America] or Ford. What
they’re seeing are cost savings and operational improvements with VoIP —
all of which were promised. A long customer list makes other customers
feel comfortable about VoIP. And that’s what we’re seeing right now.

You've been evangelizing about residential VoIP services lately, but will
IP Centrex types of services ever evolve the way analysts initially
thought they would?

I don’t think any of us yet know exactly which VoIP business models will
be truly successful. What we are seeing is that IP PBXs are a powerful
concept and becoming big business. We also see that VoIP is happening in a
big way in the consumer space. I would predict that half the U.S. consumer
market will be on VoIP by the end of the decade — residential voice.
Exactly how does that play out in the small and medium business market? I
would hazard to guess that, just like with other technologies, it will be
a combination of the enterprise model and the consumer model. Larger SMBs
that style themselves as smaller enterprises will look at IP PBXs. Smaller
SMBs may go more the consumer route, meaning they’ll look at small IP key
systems with carrier VoIP service behind that.


If  more  companies  and  SMBs  want  IP  telephony  delivered  as  a  service, 
does  that  cannibalize  your  IP  PBX  market? 

That’s effectively how Ford is getting VoIP — as a service. SBC is serving
Ford, utilizing our IP PBX. In the case of IP telephony, no one knows
where it’s hosted. That’s the important concept. In the case of IP PBXs,
whether it’s owned or managed, whether it’s hosted on or off the premise,
no one is the wiser.

Cisco  CEO  John  Chambers  has  said  he  expects  your  top  competitors 
to  come  from  Asia,  and  particularly  China,  in  the  near  future.  In  what 
markets  do  you  expect  to  see  the  strongest  competition  from  these 
vendors? 

We have to separate out China as a market and China as a source of
competition. We do see China as a great opportunity for us. We have very
high market share in China, and if anything, we’re going to increase our
investment over there. At the same time we realize China is almost the
second-largest unified market in the world next to the U.S. We’re going to
see companies grow up in China first, competing in the Chinese market;
then they’ll start to compete in the rest of the world.

The  predictions  that  Cisco’s  markets  will  be  commoditized 
have  been  constant  over  the  last  15  years.  It  hasn’t  happened  yet 
and  we  don’t  expect  to  have  it  happen.  But  we  do  expect  new 
sources  of  competition  to  come  out  of  China. 

What's  the  first  big  market  in  which  you  expect  to  clash  with  Chinese 
competitors? 

The  biggest  market  in  China  is  the  service  provider  market.  As 
compared  to  the  U.S.,the  [ratio]  of  capital  purchases  by  service 
providers  in  China,  as  compared  to  the  total  telecom  market  in 
China,  is  much  higher  than  it  is  here. 

What's  the  status  of  your  Network  Admission  Control  program,  for  inte¬ 
grating  anti-virus  and  firewall  capabilities  into  LAN  switches? 

We’re very much on track. . . . We are building it into all of our
switch products. That is not to say they will all come out
simultaneously. But we are being very aggressive in terms of rolling
out the first phase of the self-defining network across all the
switches. I can’t pre-announce when those will come out, but it
is probably one of the most important initiatives in the company.
Our partners [IBM, Trend Micro, Network Associates and
Symantec] give NAC momentum.

Ultimately, regarding the future of NAC, does the LAN switch become
more  of  a  security  product  as  opposed  to  just  a  basic  connectivity  hub? 

When you fill a glass of water from the tap, you don’t expect to
get viruses and worms. We see security being a fundamental
component of the network itself. When you plug into a network,
you shouldn’t expect viruses and worms to be coming out of
that spigot. That’s obviously not where we are today. But where
do we expect to be as an industry five years from now? Anti-virus,
anti-spam, anti-worm, anti-whatever will be fundamental
components of the functions of the network. This means routers
and switches and whatever elements we have in that network
infrastructure.

Is  this  what  you  hope  will  stave  off  commoditization  in  the 
router/switch  market? 

It’s one of many things. [Another factor is] wireless/wireline
integration, which allows IT staff to manage and secure a wireless
environment the same way they manage security in a wired
environment. Another factor is technology that lets you manage
the network for telephony as well as for data — really integrating
all of these things so that what you have is a communications
fabric that is secure, multi-modal, that understands things
like presence and your personal identity and so forth. ■






Inside

Pipe dreams
Helping your users get the most out of their broadband service.

Five for ’05
Your home network checklist for the coming year.

NEWS

Sticky Notes
• Bingo!
• IHA’s home integrator initiative
• Web cam catches crook
• More . . .

REVIEWS

Out of the Box
• Mirra Personal Server 2.0
• Axis 206 Wireless Net Camera
• Linksys PAP2 Phone Adapter

COLUMNS

Tech spy
By Toni Kistner
Bumpy ride to home networking.

Security chief
By Deb Radcliff
Battling the bad guys.

Connection coach
By James Gaskin
When WEP won’t work.

Off the clock
By Keith Shaw
I just wanna be a Jedi Knight.


From the editor

Welcome to Network Life!

As  a  network  expert  you  could  never 
really  leave  work  at  work,  but  now  that 
networks  have  invaded  the  home,  you’re 
in  even  greater  demand.  Everyone  turns 
to  you  for  advice  about  what  to  buy,  how 
to  set  it  up  and,  of  course,  how  to  fix  it. 
Now  you  know  how  doctors  feel. 

You’re  not  alone.  In  a  recent  survey  of 
1,500  Network  World  readers,  more  than  90%  reported  being 
asked  for  advice  about  home  networks. 

And  we’re  here  to  help. 

We  understand  the  irony  of  your  situation.  You  work  with 
high-end  enterprise  technology  all  day,  and  when  you  go 
home  your  next-door  neighbor,  your  brother-in-law  and 
your  pastor  all  expect  you  to  know  off  the  top  of  your  head 
whether Linksys’ new media adapter uses 802.11b or
802.11g wireless and why there’s a dead spot in the kitchen.

Because Network World is the leader in network knowledge,
it’s natural we’d bring you Network Life: The Expert’s
Guide to the Connected Home.

Technology Editor Keith Shaw and I will show you the latest
connected products and technologies, emerging trends
and  industry  news,  hands-on  product  tests  —  everything 
you  need  to  keep  up,  informed  and  ready  to  meet  the  home 
network  demands.  We’ll  have  some  fun  along  the  way  too, 
bringing  you  tales  from  the  field  as  well  as  fun  and  games 
for  the  time  you’ll  save  by  reading  Network  Life. 

The Network Life Web site will add additional content,
including Buyer’s Guides that link to e-commerce sites, virtual
tours of high-end connected homes, a tech primer column
and more.

Welcome  to  Network  Life,  a  tool  to  help  you  survive  the  life 
you’re  living. 

—  Toni  Kistner 
Editor 
tkistner@nww.com




NEWS 


Bingo!  Entrust 
plays  to  win 

IHA’s home integrator initiative

Web  cam  catches 
crook  in  the  act 


Entrust  brings  two-factor 
authentication  to  consumers 


Imagine  the  impact  on  the  financial  industry  if  everyone 
who  banks  online  today  stopped  —  and  instead  went  back  to 
their  local  branches? 

Banks and other financial institutions fear hackers, phishers and
identity thieves are scaring people away from conducting online
business. In a recent online survey by market research firm
Greenfield on behalf of Entrust, 65% of the 2,000 respondents
said the protection of their online identity would influence
their choice of bank, and 22% said they would switch banks
to get better protection.

The  solution  lies  in  creating  a  two-factor  authentication 
product  for  the  masses  —  a  way  to  provide  strong  identity 
protection  that’s  inexpensive  and  easy  for  everyone  to 
understand  and  use. 

Entrust  is  banking  on  the  bingo  card. 

Not  just  any  bingo  card,  but  a  U.S.-patented  bingo  card.  It’s 
the  cornerstone  of  Entrust’s  new  Identity  Guard  product,  in 
beta now with Entrust customers. Issued to individual consumers,
each bingo card displays a unique grid of characters
—  there  are  10  to  the  50th  combinations,  says  Chris  Voice, 
Entrust’s  vice  president  of  secure  identity  management. 

When users log on to their bank accounts (or healthcare
provider site, or retailer) they type in their usernames and
passwords; then the system presents two (or three) challenges:
“Look up C5, look up B9, look up A4” and users then
find the coordinate and type in their corresponding numbers.

Demo Card (Entrust)

     A  B  C  D  E  F  G  H  I  J
1    1  7  3  9  3  4  5  5  4  9
2    9  2  5  3  6  2  8  4  1  3
3    4  6  9  1  4  6  2  8  0  7
4    1  5  2  4  8  5  0  1  7  2
5    6  8  6  8  1  7  4  0  8  0

The  plastic  cards  will  live  in  your  wallet  and  be  issued  by 
banks,  credit  card  firms  or  ISPs.  Banks  will  first  issue  cards  to 
their  customers  for  banking  transactions,  but  eventually  you 
could  use  them  to  conduct  all  your  online  business. 

“The  card  is  very  resistant  to  brute  force  attack,”  Voice 
says.  “Even  if  someone  intercepts  the  logon,  all  they  see  are 
two  coordinates  out  of  all  those  different  grid  locations.” 

Recently AOL and RSA Security teamed to offer AOL customers
a hardware token keyfob, AOL Passcode, which costs
$9.95  each  and  $1.95  to  $4.95  per  month. 

“That’s  great  for  customers  willing  to  buy  it,”  Voice  says. 
“But  we  wanted  to  create  a  token  issuers  can  produce  for 
pennies  a  pop  that  costs  consumers  little  or  nothing.” 
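
The grid-card logon described above, sketched as an added example that is not Entrust's code or part of the original article: the class name, the three-failure lockout and the single-use challenge are assumptions, and the card digits are the demo card printed on this page. The last function goes beyond the article to estimate how much of a card an eavesdropper sees over repeated logons, the figure an issuer needs when setting a card-replacement interval.

```python
import hmac
import secrets

COLUMNS = "ABCDEFGHIJ"

# Digits of the demo card as printed on this page (rows 1-5, columns A-J).
DEMO_ROWS = ["1739345549", "9253628413", "4691462807",
             "1524850172", "6868174080"]


def card_from_rows(rows):
    """Map coordinates such as 'C5' to the digit printed in that cell."""
    return {f"{col}{r}": digit
            for r, row in enumerate(rows, start=1)
            for col, digit in zip(COLUMNS, row)}


def new_card(n_rows=5):
    """Issue a fresh card whose digits come from the OS CSPRNG."""
    return card_from_rows(
        ["".join(secrets.choice("0123456789") for _ in COLUMNS)
         for _ in range(n_rows)])


class GridAuthenticator:
    """Second-factor check run after the username/password step succeeds.

    Hypothetical server-side design: lockout threshold and single-use
    challenges are assumptions, not details given in the article.
    """

    def __init__(self, card, cells_per_challenge=3, max_failures=3):
        self.card = card
        self.k = cells_per_challenge
        self.max_failures = max_failures
        self.failures = 0
        self.pending = None  # coordinates of the outstanding challenge

    @property
    def locked(self):
        return self.failures >= self.max_failures

    def issue_challenge(self):
        """Pick k distinct coordinates at random, e.g. ['C5', 'B2', 'A4']."""
        if self.locked:
            raise PermissionError("card locked; reissue required")
        rng = secrets.SystemRandom()
        self.pending = rng.sample(sorted(self.card), self.k)
        return list(self.pending)

    def verify(self, response):
        """Check the digits typed for the pending challenge (single use)."""
        if self.locked or self.pending is None:
            return False
        expected = "".join(self.card[c] for c in self.pending)
        self.pending = None  # the same challenge can never be answered twice
        # Constant-time comparison avoids leaking how many digits matched.
        ok = hmac.compare_digest(expected.encode(), str(response).encode())
        self.failures = 0 if ok else self.failures + 1
        return ok


def blind_guess_probability(cells_per_challenge):
    """Chance that one blind guess answers a challenge of k digits."""
    return 10.0 ** -cells_per_challenge


def expected_fraction_observed(logins, cells_per_challenge, total_cells=50):
    """Expected share of the card seen after `logins` intercepted logons,
    assuming each challenge is drawn independently and uniformly."""
    return 1.0 - (1.0 - cells_per_challenge / total_cells) ** logins
```

With three cells per challenge on a 50-cell card, `expected_fraction_observed(30, 3)` is about 0.84, so lockout on failed attempts and periodic card reissue matter as much as the size of the grid.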


Home networks worldwide forecast: 2004-2008

By 2008, there will be 36.67 million home networks in the U.S.,
according to IDC.


NEWS  NOTES 


MORE  MUSIC  THAN  SOP/ 


IHA  launches  Home 
Integrator  Initiative 


Digital Mind has released the first 100G-byte music player and
storage device. The new DMC Xclef connects to PCs and Macs via
USB and can hold as many as 25,000 music files — as well as
back up a hard disk or two. The device boasts a 20-plus-hour
battery life, studio-quality direct encoding, voice recording,
FM radio and FM recording. It supports MP3, WMA, WAV and ASP
file formats. The 100G-byte version costs $449; 40G-, 60G-
and 80G-byte versions start at $249.


Two-second commute. Nearly 4.2 million people worked at home in
2002, up from 3.4 million in 1990, according to a new U.S. Census
Bureau report. The Census counted people older than 16 who usually
work from home, and discounted part-time home workers. More recent
estimates from the American Community Survey show 4.5 million
worked from home in 2003. For details, head to:
www.census.gov/population/www/cen2000/phc-t35.html


Tivo to go. Orb Networks announced a service that lets you access
all your multimedia content, including TV feeds, over any
Web-connected device. Downloading Orb software on a Media Center PC
creates a secure link between the content and Orb’s central server.
You then log onto the Orb Web site from a smart phone, laptop or
PDA to access the content. Support for non-Media Center PCs is
coming soon, the company says. You also can access the system
remotely; for instance, use your cell phone to program your PVR to
record a show. That way, if you don’t make it home in time, you can
view it on your cell phone. The service, available by press time,
will cost $9.99 per month for the first household user, then an
additional $3.99 per user per month. www.orbnetworks.com


My first robot. iRobot has sold more than one million Roomba
Robotic Floorvacs (left) since introduced in 2002. Roomba’s
infrared sensors let it follow walls, avoid stairs and concentrate
on particularly dirty areas. Models start at $150.
www.irobot.com


Mind’s  DMC  Xclef 


The Internet Home Alliance — a group of computer, consumer
electronics and home appliance manufacturers — has launched a
program aimed at growing the nascent home network integrator
market.

Systems integrators who want to earn certification in home
technology products and services now have two paths: Take courses
from the Computing Technology Industry Association (CompTIA), or
the Custom Electronic Design & Installation Association (CEDIA).
CompTIA focuses more on computing and networking; CEDIA on consumer
electronics.

So IHA has stepped in to work with both — as well as a host of
others — to develop one set of standards for home technology
integrators.




“We want them talking apples to apples,” says Tim Woods, IHA’s
vice president of ecosystems development. “And we want consumers
to have peace of mind that the people they’re letting into their
homes are people they can trust.”

The group’s first step was to produce the free white paper, “Net
Gain: Advancing the Market for Home Technology Integrators,” which
offers a baseline set of education standards and makes
recommendations for how the industry can promote home integrators.

IHA also has developed a Web site where you can type in a ZIP code
to return a list of local certified integrators. “This is how we
ensure this market moves forward faster,” Woods says.


NEWS 


Broadband  buzz 

Now grandma can install DSL herself. 2Wire, which develops
residential gateways and software, recently launched
Greenlight, an automated installation system. Greenlight
doesn’t require the end user to load a CD or handle manual
installation and authentication routines. Instead, you just
plug the 2Wire HomePortal into the PC and a phone line.
Part of 2Wire’s Component Management System, Greenlight
also makes it possible to provision DSL in non-PC households
where gaming, video or VoIP applications are primary.
2Wire says Greenlight could reduce service provider support
costs by as much as 70%.

More  than  60%  of  online  households  would  consolidate 
their  communications  services  under  one  provider  if  it 
meant  saving  $20  per  month,  according  to  the  new  report 
from  Parks  Associates,  “Bundled  Services:  Analysis  and 
Forecasts.”  Only  43%  said  they  would  switch  to  a  bundle 
without  a  cost  incentive.  The  study,  which  surveyed  4,000 
online  households,  also  found  that  74%  of  those  likely  to 
upgrade to broadband in the next 12 months would subscribe
to a bundle for voice, video and data.

Worldwide broadband modem, router and gateway revenue
increased 5% to $1.7 billion and units increased 15%
from  first  to  second  quarters  2004,  says  Infonetics 
Research’s  Broadband  Gateway  biannual  report.  The  report 
predicts  revenue  will  grow  to  $4.8  billion  and  units  increase 
141%  by  2007.  North  America  accounts  for  more  than  a  third 
of  total  revenue;  Europe,  Middle  East  and  Africa  also  have  a 
third,  followed  by  Asia  Pacific  with  nearly  one-quarter,  and 
Caribbean  and  Latin  America  with  5%.  www.infonetics.com 


Virtual  House  calls 

Philips  launched  a  pilot  study  to  test  a  secure  healthcare 
communication  platform  that  connects  chronic  disease 
patients  to  their  care  providers  via  the  TV.  Philips  will  test 
the  Motiva  platform  with  60  patients  of  the  Cardiovascular 
Associates of the Delaware Valley (CADV). Comcast has provided
the cable broadband connections. The goal is to help
patients  and  cut  healthcare  costs,  78%  of  which  is  spent 
managing  chronic  conditions,  Philips  says. 


Not-so-safe  at  Home 

A  study  of  329  online  households  conducted  by  the 
National  Cyber  Security  Alliance  and  AOL  found  most 
people  have  a  false  sense  of  security: 


60% said they feel safe from hackers
67% don’t use a firewall

73% said they think they’re safe from viruses
67% don’t have anti-virus software

77% said they think their computer is safe from online threats
72% don’t have a secure firewall (with no open ports)

D-Link Webcam foils robbery

[Screenshot: D-Link Fast Ethernet Internet Camera viewed in a Web browser]


Pedro Gonzalez bought a D-Link Systems Webcam (DCS 900) to keep
an eye on his fiancee’s beloved Yorkie, but wound up nabbing a
burglar instead. The Yorkie spends his days sleeping on the living
room couch, so the 29-year-old Miami resident aimed the camera
there. But the very first time he logged on, he saw his TV, not
the dog, sitting on the couch. Then a silhouette passed by.

“Dude,  there’s  somebody  in  your  house!”  exclaimed 
a  co-worker,  who  had  the  smarts  to  press  the 
“printscreen”  key,  capturing  a  shot  of  the  intruder. 

When  Gonzalez  told  the  911  dispatcher  there  was 
someone  in  his  house,  she  didn’t  understand. 

“You’re  at  your  house  right  now?”  she  asked. 

“No,  I’m  watching  my  house  —  from  work.” 

“You  can  see  the  man  now?”  she  asked. 

“I’m  looking  right  at  him,”  he  said. 

Because  the  day  was  clear,  Gonzalez  could  see 
through  his  living  room  window  the  burglar  backing 
his  white  Bronco  up  the  driveway.  Gonzalez  jumped 
in  his  car,  and  met  the  police  at  his  house.  The  burglar 
was  apprehended  2  miles  away,  the  Bronco  full  of 
Gonzalez’s  stuff. 

And  the  Yorkie?  Gonzalez  found  him  cowering  in  a 
bedroom  closet,  unharmed. 




REVIEWS 


Mirra  Personal 
Server  2.0 

Axis 206 Wireless
Network  Camera 

Linksys  Phone 
Adapter  (PAP2) 


Mirra 2.0 is the
sequel that succeeds

Automatic  file  backup,  synchronization  and  remote  access  in  one  box. 


■  BY  JAMES  GASKIN 

Instead of recommending a home file server, which sounds
complicated and scary, why not suggest friends and family buy an
automatic back-up box that lets them access files via the Web?

[Screenshot] Mirra’s client software can monitor, back up and
synchronize files between local PCs.

Mirra  Personal  Server  1.0  used  client 
software  to  monitor  and  back  up  files 
from  one  or  more  PCs  to  a  specialized 
back-up  server.  But  the  new  Version 
2.0  takes  a  giant  step  forward  by  acting 
as a file synchronization server between
local PCs.

Setup  took  just  a  few  moments. 
Slightly  larger  than  a  fat  phone  book, 
the  Mirra  fits  on  a  bookshelf  where  it 
can  connect  via  Ethernet  cable  to  a 
modem  or  router.  Configured  as  a 
DHCP  client  by  default,  the  system 
searches  the  net  and  configures  itself. 

Installing  the  client  software  was 
more  involved  because  Mirra  relies  on 
Microsoft’s  .Net  framework.  If  a  PC  has 
a  problem  with  .Net,  as  our  XP  Pro  SP1 
did,  expect  to  do  some  reinstalling  and 
driver updating. The client installed smoothly on our
Windows 2000 and XP Home SP2 PCs.

After typing in a ponderous 25-character alphanumeric key,
the client application discovered the Mirra hardware on the
network and back-up configuration began.

You can tag local folders on local PCs for automatic backup via
the Mirra client or by right-clicking the folder name and choosing
“Add to Mirra Backups.” When selected, the folder copy begins
immediately, but leaves enough CPU cycles so other work can
continue. Restoration from the Mirra client lets you choose earlier
file versions and redirect files to new locations. File versions
aren’t visible unless users drill down, and the most recent copy
is the default.

When Mirra owners register the device at Mirra.com, they set up a
username and password that lets them access files and folders on
the Mirra box remotely via the Web. They can share access to
specific folders with remote users by sending an e-mail with a link
to the invitee’s username and password.


The Mirra server is not publicly viewable on the Web. Instead,
proprietary Mirra software brokers connections between remote
browsers through Mirra.com to reach through network address
translation software on an unidentified port through firewalls,
communicated from the Mirra server up to Mirra.com.

Mirra 2.0’s best feature is folder synchronization. Owners can
specify folders to be synchronized between two or more local PCs,
and all changes appear on all synched systems. Automatic synching
to remote PCs would make it perfect, but today you still have to
manually shuffle files from remote sites.

Mirra Personal Server 2.0
Price: $400 (80G bytes), $500 (120G bytes), $750 (250G bytes).
Installation time: Less than 30 minutes.
Ongoing maintenance: Set and forget.
Bottom Line: Worth the money, and you’ll be a hero when you
pull lost files out of thin air.

Deleted files are retrievable from Mirra (unless actively purged),
saving users from mis-click disasters. You can’t save multiple
backup sets like tapes, but keeping deleted files available is a
good alternate.

Gaskin has helped small and midsize businesses use technology
intelligently since 1986. Write to him at readers@gaskin.com.




REVIEWS 


Video  monitoring 
without  wires 

Axis  206  Wireless  Network  Camera  is  ‘set  and  forget.’ 




■  BY  TOM  HENDERSON 

Wait ‘til your novice networkers discover IP video cameras. You’ll
get no peace. They’ll want to watch the kids sleep, monitor the
patio for raccoons, spy on remodeling contractors in the basement;
you name it.

One choice is the new Axis 206 Wireless Network Camera. Because it
uses 802.11b, you can place it anywhere within reach of a power
outlet. The camera is very small (2.5-by-5-by-1.5-inches), and
light.

We tested it on a network with three 802.11b/g access points (from
D-Link, Proxim and Linksys).

The included software is for Windows only, but if your wireless LAN
supplies DHCP, you can skip it. Setup was easy. We programmed
initially with a directly connected mini-USB cable, although the
camera had already found its IP address through the default DHCP
setting. The camera needed only a Wired Equivalent Privacy key and
a password to go live.

Axis 206W
Price: $299
Installation time: About 1 hour
Ongoing maintenance: Set and forget.
Bottom Line: A nice, if generic, Wi-Fi camera fit for light use.

The Web server tools adjust video, compression, ‘titling,’ and so
on, simply. Your users might have trouble with the video image
settings, which are buggy. For instance, we couldn’t get a
black-and-white image to display. As browsers go, Microsoft’s
Internet Explorer worked, but Apple’s Safari and Opera Software’s
browser didn’t. A Windows Pocket PC version of the software worked
easily with Pocket Explorer on a Compaq 3500 series iPaq running a
Cisco 350 Wi-Fi card.

Using no compression, the maximum image size of 640 by 480 pixels
has about a 70K byte/sec data rate. Because the camera uses
802.11b, this slowed our 802.11g network significantly.

To  view  the  camera  remotely  the 
206W  can  use  the  AXIS  Dynamic  DNS 
server,  which  lets  you  access  it  through 
the  Internet  (conditions  permitting). 
This  usually  means  opening  a  port  or  a 
direct  proxy  with  a  router  to  proxy  the 
connections  needed  by  the  camera’s 
Web  server  and  an  external  client 
browser. 

One downside is you can’t see real-time
image changes when adjusting the
video  image.  At  best,  latency  was  about 
a  second,  at  worst,  about  3.  The  frame 
rate  was  about  10  frames  per  second. 

Henderson is principal researcher and managing director of
Extremelabs in Indianapolis. He can be reached at
thenderson@extremelabs.com.


Linksys simplifies VoIP


Explaining  VoIP  takes  longer  than  setting  this  up. 


■ BY KEITH SHAW

It’s only a matter of time before someone asks you to help install
a VoIP system like the Linksys VoIP Adapter (PAP2). Setup is quick;
explaining how VoIP works might take a while.

The PAP2 is a small box with an Ethernet port to connect to a
router or modem, and two phone ports. Installation equals plugging
the right cords into the right jacks.

Connecting a cordless phone is smart because the router/modem might
not be in the best place for a phone.

Our biggest problem was trying to find the device’s little stand
(we had to dig through the box). Allow some time for setting up the
service with Vonage through its Web site. Users will need your
expertise to help choose calling plans and features. We tested the
Vonage bundle, but Linksys also sells the PAP2 with Verizon’s
VoiceWing Broadband Phone Service.

Once the account and service are activated, the Web interface makes
it easy for users to manage features and service. The interface
displays a log of all in- and outbound calls, and a link to voice
mail lets them play voice mail messages as audio files on the PC.
Tasks, such as changing the number calls are forwarded to, are
simple.

To test voice quality, we made and received local and long-distance
calls. Voice quality was consistently good, similar to a landline
voice call, with the occasional garble, crackle or echo. We didn’t
notice any data degradation while making a VoIP call — our
networked computers surfed the Web without hiccups. ■

Linksys Phone Adapter (PAP2)
Price: $60, with service plans from $15 to $50 per month.
Installation time: Less than one hour.
Ongoing maintenance: Very little.




Bumpy  ride  to 
Home  networking 


Early  adopters  think  nothing  of  chucking  last  year’s 
gear;  consumers  are  another  story 


When  people  ask  me  what 
home  network  gear  they 
should  buy,  I  always  say, 
“Wait  a  while,  the  really  cool  stuff  is  just 
around  the  corner.”  But  now  that  some 
of  the  really  cool  stuff  is  finally  here, 
that  answer’s  just  not  flying. 

But  to  me,  a  router’s  not  just  a  router. 
It’s  a  market  vision  expressed  in  design, 
chipsets,  specifications  and  interfaces. 
In  packaging,  documentation  and  price. 

Tech Spy gives me the chance to figure out what’s really going on
— and what it means to you and yours. Clues to where this market
is headed are evident in all sorts of little choices vendors and
industry leaders make along the way.

For  instance,  Sonos  is  developing  a 
whole-home  audio  system  that  uses 
wireless  mesh  network  technology. 
Very cool, but what got me most excited?
The four-port switch built into the
controller  box.  What  do  I  need  four 
ports  for?  I’ll  figure  that  out  later.  Sonos 
was  thinking  smart. 

For the most part, consumer electronics companies don’t think about
ports or connecting things, so they’re slow to build Wi-Fi radios
and Ethernet ports into their TVs and stereos. For the most part,
we’re seeing Microsoft’s Media PCs, media adapters and media
extenders: gear that cobbles together consumer electronics and PC
equipment.

But early stuff is kludgy; media extenders, whose job is simply to “extend”
media streaming from your Media PC to a second TV via 802.11g, are huge. They
need to be alarm-clock-sized, or better, integrated into the TV.

In Japan, Sony sells a TV with an 802.11a interface. Here, the first
entertainment networks rely on the PC as the center of the universe. A hint
that Windows might not be the best platform? Toshiba has built a mini version
of Linux into its Qosmio multimedia laptops that loads media instantly —
no waiting for Windows to boot up.

Today,  the  “digital  home”  isn’t  really 
here.  It  won’t  actually  arrive  until  we’ve 
got  a  stable,  ubiquitous,  high-band¬ 
width  network  backbone  in  place  to 
stream  content  to  all  our  home  devices; 
or  until  we  can  stream  our  content  to 
wherever  we  are  (car,  mobile  phone/ 
PDA,  friend’s  home  devices). 

In the meantime, we’re buying products we might not want in a year or two.
Of course, early adopters think nothing of this. But consumers expect an
802.11g router to last as long as a car.

You’ve got to prepare them for a bumpy ride to whole-home networking —
especially if they insist on going wireless. Just as we cozy up to our
802.11g networks, Intel, Linksys, Netgear, HP and Dell have begun pushing
802.11a to stream video. The reason is smart: 802.11b/g runs at the 2.4-GHz
band, which has only three channels and is filling up fast. So use 802.11g for
voice and data, and 802.11a and its 24 channels in the near-empty 5-GHz band
for video.

But not everyone is convinced. D-Link says it’ll add 802.11a when the market
demands it. Apple says never. Atheros designed a single chip containing both
802.11a and 802.11g radios, which should drive down cost, but such products
are months away.

But wait. Just when 802.11a/g products gain critical mass in 2005, 100M
bit/sec 802.11n gear will appear in 2006.

Belkin recently shipped Wireless Pre-N routers and notebook cards with
108M bit/sec data rates. Products are backward-compatible with 802.11b/g
gear, but not 802.11a. The Wi-Fi Alliance insists future 802.11n gear will be
backward-compatible with both.

Send tips to techspy@nww.com.

SPY REPORTS

The Wi-Fi Alliance began certifying consumer electronics products with
Wi-Fi Multimedia (WMM) support. Part of the upcoming IEEE 802.11e standard for
QoS, WMM prioritizes streams of content and optimizes network bandwidth
allocation among competing applications. www.wifialliance.net

Broadcom recently offered its SecureEZSetup specification to the Wi-Fi
Alliance’s Easy Setup Task Group. The software lets users configure WPA by
answering two questions and is expected soon in some Linksys products.
www.broadcom.com

One group to watch is the Digital Living Network Alliance. The 165-member
consortium of consumer electronics, IT and mobile equipment makers is
pushing for a set of design guidelines that ensure home network products
interoperate. Version 1.0 supports 802.11, JPEG, LPCM, MPEG2, UPnP, IPv4 and
HTTP. Version 2.0, expected next year, will tackle digital rights
management. www.dlna.org/home


How to be the go-to guy without going crazy

■  BY  JAMES  GASKIN 

No  matter  how  carefully  you  hide  your  work 
identity  around  friends  and  neighbors,  one 
day  you’re  bound  to  hear  that  dreaded 
question:  “Don’t  you  work  with  computers?” 




You  might  have  just  signed  an  order  for  12,000  new  PCs, 
turned  downtown  Cleveland  into  a  Wi-Fi  hot  spot,  or 
swam  across  the  Pacific  dragging  a  new  transoceanic 
fiber  cable  in  your  teeth,  but  that  doesn’t  matter. 

The next question will be: “My PC won’t connect to my router anymore, but it
still sees my laptop. Can you fix it?”

David  Sturm  is  vice  president  of  IT  for  the  New 
York  Public  Library.  He  supports  3,200  staff  mem¬ 
bers  in  90  facilities. 

Steven  Foley  is  assistant  vice  president  for  net¬ 
work  services  for  Evanston  Northwestern 
Healthcare,  a  three-hospital  system  outside 
Chicago.  He  has  a  $15  million  budget  and  man¬ 
ages  nearly  80  people. 

Allen  Gwinn  is  the  senior  director  of  technology 
for  the  Edwin  L.  Cox  School  of  Business  at  Southern 
Methodist  University  (SMU)  in  Dallas.  His  staff  of  26 
full-time  employees  and  part-time  student  workers 
support  200  staff  and  faculty,  and  5,000  students. 

These  guys  have  a  hard  time  saying  no  when  people  ask 
for  help.  They’re  happy  with  the  balance  they’ve  struck  between 
helping  friends  and  family,  and  relaxing  away  from  technology.  Follow 
their  examples,  and  you  might  strike  your  work/life  balance  on  a  bicycle,  a  foot¬ 
ball  field  or  even  under  water. 


HAL  MAYFOR 




Paper  gown  consultant: 

Sturm’s  wireless  home  network  connects  his  12-year- 
old’s  computer  to  a  cable  modem,  as  well  as  the  PC 
Sturm  and  his  wife  share.  He  doesn’t  share  files 
between  the  systems  because  he’s  “horrified”  by  the 
malware  hiding  in  his  son’s  PC. 

Sturm  enjoys  opening  new  systems  used  by  the  New 
York  Public  Library  but  admits  “the  staff  hovers 
over  me  to  make  sure  I  don’t  do  too  much  dam¬ 
age.”  When  he  goes  to  help  friends,  he 
sometimes  wishes  he  could 
take  some  staff  along,  too. 
Although  his  son 
stopped  playing  base¬ 
ball  a  year  ago,  Sturm 
remains  the  IT  depart¬ 
ment  for  the  baseball 
league  because  players 
are  easier  to  replace 
than  technologists  who 
create  Web  sites. 

“Our  Web  site  saves  coordinators  about 
100  phone  calls,”  Sturm  says,  “but  putting 
registration  and  other  info  online  takes 
time.”  Yes,  but  less  time  than  registering 
players  and  coordinating  teams  via  telephone,  so  how 
can  Sturm  refuse? 

During  a  recent  doctor  visit,  Sturm  admitted  his  pro¬ 
fession.  Doctors  take  notes  longhand  during  exams, 
and  his  asked  for  a  better  way.  “So  we  discussed 
some  options.  Some  of  his  questions  were 
quite  detailed,”  Sturm  says.  Next  time 
you’re  thinking  of  a  quick  answer  to  a 
technical  question,  imagine  doing  so 
while  wearing  a  paper  gown  open  in 
the  back. 

“You  have  to  keep  your 
sense  of  humor  and  don’t  be 
afraid  to  say  that  you  don’t 
know,”  Sturm  says.  He  cau¬ 
tions  about  using  that 
excuse  too  often  though, 
because  friends  will  think 
you’re  just  blowing  them 
off. 

Years  ago,  a  good  friend 
started  a  business  and  called 
Sturm  with  some  simple  ques¬ 
tions.  The  calls  got  more  frequent 
and  overwhelmed  Sturm’s  ability  to 
answer  until  it  ruined  the  friendship.  “I’m 
more  cautious  now,”  he  says. 

You can’t fix every technical problem for friends and family, but
non-technical people don’t know where the boundaries are. If a friend really
wants a problem solved, that person will call a contractor or consultant you
recommend. If that friend still wants you to fix it for free, heed the
warning bells in your head.

“The technical problem bears no resemblance to the description by the end
user.”
Allen Gwinn, Senior Director of Technology, Southern Methodist University

“When helping a neighbor’s son build a computer for his community college
class homework, be polite when pointing out they forgot to buy RAM.”
Steven Foley, Assistant VP for Network Services, Evanston Northwestern
Healthcare

“Many people have computers that are ancient and covered in dust. . . . You
know if you touch anything, nothing will work and the vendors will tell you
to upgrade everything. Suggest the person get a new computer.”
David Sturm, Vice President of IT, New York Public Library

Crazy  Bill’s  network 

Foley’s  home  network  includes  two  PCs  sharing  files,  a 
printer  and  a  DSL  connection  over  a  wireless  network  fast 
enough  to  support  Foley  and  his  son’s  online  games.  Family 
and  neighbor  support  takes  Foley  between  five  and  eight 
hours  per  month. 

Foley  and  his  11-year-old  son  play  Diablo  online;  his  son 
sometimes  plays  online  with  his  grandfather  in  Pittsburgh. 




Once, Foley spent four hours on the phone trying to fix the mess his sister
made installing a CD-ROM drive for their parents. “I was running back and
forth from the phone in the kitchen to the PC in the study,” Foley recalls.
Finally, the only resolution was to make a trip home to help in person.

Foley  might  control  a  supercomputer  and  support  equip¬ 
ment  designed  to  defy  death  at  his  hospitals,  but  “neighbors 
always  see  me  as  a  PC  tech,”  he  says.  Take  Crazy  Bill,  across 
the  street. 

When  Crazy  Bill  asked  for  help,  Foley  “gave  him  some  old 
computers,  set  them  up,  networked  them  for  the  kids  and 
continues  to  do  everything  for  them  I  do  for  my  own  PCs,”  he 
says.  All  Crazy  Bill’s  computers  are  in  the  kitchen,  connected 
with  patch  cables  through  a  wiring  hub.  When  Crazy  Bill  Jr. 
deletes  the  wrong  file,  Foley  replaces  it.  This  from  a  man 
“with  a  Unix  administration  background,”  he  says. 

How  can  you  not  be  amused  when  you  help  your  neighbor¬ 
hood’s  Crazy  Bill  set  up  a  kitchen  command  center? 

Doing  good  works 

Gwinn’s  network  is  more 
advanced  than  most.  During 
construction  he  installed 
structured  wiring  throughout 
his  house  that  terminates  at  a 
central  point,  making  wiring 
changes  a  snap.  He  recently 
rewired  with  Category  5e 
cabling  to  support  higher  net¬ 
work  speeds,  and  uses  Wi-Fi 
throughout.  His  wife  and  two 
kids  each  have  their  own  PC, 
and  the  server  closet  off  the 
study  includes  Web,  e-mail 
and VoIP servers. His 11 VoIP
phones route through Asterisk open source PBX software on a Linux system to the
Internet through a 6M bit/sec business-class DSL line.

“Once  you’re  known  for  being  able  to  fix  computer  prob¬ 
lems,  you’re  always  on  call,”  Gwinn  says.  “Your  cell  phone  is 
not  sacred.”  He  estimates  he  spends  about  30  hours  per 
month  helping  family  and  friends,  which  fits  with  his  philos¬ 
ophy  at  work.  “Support  folks  not  because  you  have  to  but 
because  you  want  to,  and  your  job  gets  more  rewarding.” 

In  the  summer  of  2002,  Gwinn  and  about  100  volunteers 
spent  12  hours  installing  two  Category  5  twisted  pair 
Ethernet  network  drops  in  Hexter  Elementary’s  18  temporary 
classrooms,  linking  them  all  to  the  school’s  network. 

“We  have  a  real  ‘Leave  it  to  Beaver’  neighborhood,”  Gwinn 
says,  “but  two-thirds  of  the  families  are  below  the  poverty 
line.”  The  school  zone  straddles  a  range  of  demographics,  as 
do  many  Dallas  schools.  “The  Internet  is  the  best  teaching 
tool,”  he  says.  “It  doesn’t  make  sense  to  not  have  it  in  every 
classroom.” 

Gwinn will soon take on a Boy Scout troop’s Web site design chores. “I hope to
set it up in 15 or 20 hours so they can maintain it from there.” Gwinn likes
kids, whether his own, Boy Scouts or SMU students. “All due respect to the
faculty and staff, but the most important people there are the students.”

Deep  down  IT  serves  others,  so  helping  others  after  hours 
follows  suit.  By  leveraging  your  knowledge,  and  maybe  some 
drivers  and  spyware  cleaning  software,  you  can  make  people 
happy  again. 

Downtime,  unplugged 

All  three  agree  that  downtime  requires  non-electronic  activ¬ 
ities.  Never  underestimate  the  value  of  fresh  air  —  or  com¬ 
pressed  air,  as  in  Gwinn’s  case. 

Gwinn  took  his  first  scuba  diving  vacation  in  late  September 
and  loved  it  despite  some  eardrum  bruising.  “Down  below 
the  water,  you  know  the  cell  phone  won’t  ring,”  he  says.  Cell 
phones  also  have  trouble  reaching  Boy  Scout  campgrounds, 
which  Gwinn  and  his  son  visit  regularly. 

There  are  no  computers  on  a  football  field  full  of  sixth 
graders,  and  Foley  is  happy  about  that.  He’s  the  head  coach 
of  his  son’s  football  team. 

“After  mostly  sitting  in  an 
office  at  work,  I  recharge  my 
batteries  with  football.  It’s 
great  to  run  around  and  spend 
time  with  my  son,”  he  says. 

Foley  might  need  to  relax 
from  his  relaxation.  As  the 
vice  president  of  football 
operations  for  his  son’s 
league,  he  must  find  coaches, 
set  schedules  and  find  play¬ 
ers  uniforms.  At  least  his  wife 
can’t  complain;  she’s  the 
league  treasurer,  cranking 
out  financial  spreadsheets 
while  he  cranks  out  team 
schedules. 

Come  basketball  season,  Foley  coaches  his  son’s  park  team. 
For  individual  exercise,  he  plays  on  flag  football  and  basket¬ 
ball  teams.  Foley  and  his  son  and  daughter  each  have  black 
belts  in  tae  kwon  do. 

Sturm  says  “riding  a  bike  in  New  York  City  is  not  as  danger¬ 
ous  as  it  used  to  be,”  because  he  now  can  reach  Central  Park 
via  new  bike  paths  along  the  Hudson  River. 

Collecting  also  can  be  relaxing.  Sturm  collects  antique  sur¬ 
veying  and  scientific  instruments  and  related  books.  Foley 
likes  modern  first  editions.  Gwinn  keeps  gadgets,  including  a 
mint-condition  TI-59  graphing  calculator  and  a  working  Os¬ 
borne  I  computer.  But  he  no  longer  has  his  MITS  Altair  8080. 

Last word

Sharing  your  knowledge  is  part  of  community  give  and  take, 
and  good  karma  besides.  The  router  firewall  you  configure 
tonight  might  return  as  the  wood  lathe  you  need  next  week 
or  the  plumber’s  snake  you  need  the  week  after. 

Gaskin is a technology writer in Dallas. He can be reached at
readers@gaskin.com.


Good  boy! 

Gerry  Geisel,  who  handles 
database  and  administrative 
tasks  for  the  Cincinnati  Police 
Department,  needed  to  buy 
dog  food,  only  the  register 
computers  couldn't  log  on  to 
the  pet  store’s  network. 

Geisel spied an unplugged wiring hub behind the register, plugged it in and
the register connected.

“I got a 20% discount on my dog food.”


HAL  MAYFORTH 





HARRY  CAMPBELL 



■  BY  JEFF  VANCE 


You’ve heard the question a million times: I’m ready for broadband, but what
should I get? Neighbors, friends and relatives pepper you with questions
about price, speed and customer service. They turn to you because you were an
early adopter. But that means you haven’t thought about the data pipe into
your house for some time.

Since  you  signed  up  (likely  for  the  first  service  avail¬ 
able  in  your  area),  cable’s  gotten  faster,  DSL’s  gotten 
less  expensive,  satellite  broadband  doesn’t  always 
require  line  of  sight,  and  wireless  ISPs  are  popping  up  to 
cover  the  dead  zones.  Your  users  are  blinded  by  choic¬ 
es  —  from  basic  packages  to  supersized  pipes  with  stat¬ 
ic  IP  addresses  —  from  a  wide  range  of  providers. 

With  broadband  options  running  amok  and  the  land¬ 
scape  in  flux,  it’s  time  to  revisit  broadband  —  if  not  for 
yourself,  then  to  help  field  those  never-ending  broad¬ 
band  questions. 

Before you can give advice, you have to know your users’ needs. Are they
simply checking e-mail and doing some casual Web browsing, or do they expect
to connect their Xbox and trade multimedia files? Is the key consideration
price or speed? Are emerging VoIP services enticing, or is e-mail still
considered a newfangled contraption?

“Eighty  percent  of  users  are  satisfied  with  basic 
services,”  says  Mike  Wolf,  principal  analyst  with  In- 
Stat/MDR.  “They  don’t  seek  higher  and  higher 
speeds,  and  they  wouldn’t  necessarily  know  what  to 
do  if  they  had  them.” 

Because  basic  services  can  mean  anything  from 
e-mail  to  interactive  gaming,  it’s  important  to  know 
your  users.  To  help,  give  them  the  short  quiz  on  page  5. 




Helping your users get the most out of their broadband service.


1. What is most important to you in an Internet service?
a. Low price.
b. High speed.
c. Premium content.
d. Being able to get service at all.

2. When I’m online, I’m usually _.
a. Only e-mailing.
b. Instant messaging, watching videos and playing interactive games.
c. Selling stuff on eBay.
d. Waiting for a page to load.

3. I spend _ hours online every day.
a. Less than one.
b. If I’m awake I’m online.
c. Six to eight, or an average workday.
d. Not that many because my service is so slow.

4. When it comes to combining communications service (phone, Internet, TV),
you are _.
a. Skeptical, I don’t want to give all of my business to one company.
b. All for it; it makes life easier.
c. It doesn’t matter because my employer picks up the tab.
d. Still waiting for services to arrive, so I can bundle them.

5. Choose one thing you used to do offline that you do online today.
a. I can’t really think of anything other than e-mail.
b. Listening to music, playing games, placing phone calls — there’s too
much to list.
c. My job.
d. Not as much as I’d like because I’m stuck with dial-up.

6. If new services such as video mail and interactive gaming don’t work well
over your current service, you will _.
a. Not know the difference because I doubt I’ll need this stuff.
b. Switch Internet providers without hesitation.
c. Complain but probably stick with what I have.
d. When I get something to switch to, I’ll take it.

Quiz key:

If your user answered (a) to most questions, he is satisfied with life in
the slow lane.

If he answered (b) to most questions, you’re dealing with a speed demon.

If he answered (c) to most questions, you’re helping a teleworker.

If he answered (d) to most questions, broadband availability is the biggest
challenge.

Life in the slow lane

If In-Stat/MDR’s Wolf is right, there are plenty of people who really don’t
need broadband.

If you’re dealing with someone who’s satisfied with their current service or
who is exceptionally cost-conscious, they probably have no reason to switch
from dial-up. Chances are they’re questioning you about broadband to make
conversation, or are looking for assurances that dial-up isn’t going away.

Recommendation: As DSL prices drop, recommend a low-tier DSL service, which
is competitive with dial-up but offers better service.

Speed demons

Give speed demons a big enough pipe, and they’ll find the applications to
fill it. Photo sharing, music swapping, streaming media, interactive gaming,
VoIP and video on demand; they’re all over it.

As you start layering applications, the need for speed spikes. In terms of
raw bandwidth, cable is still the champ. Just as the telcos upped their
speeds to 1.5M bit/sec to match cable’s, cable companies upped the ante to 3M
or even 4M bit/sec.

Both cable and DSL providers are courting speed demons. “This has become a
price vs. speed game,” says Lindsay Schroth, an analyst with The Yankee
Group. “DSL companies are dropping prices to compete with cable. Cable
companies won’t drop their prices, so they respond by adding capacity.”

At the high end, Comcast and Adelphia each offer 3M bit/sec speeds for
$42.95, and 4M bit/sec speeds for $52.95 and $59.95, respectively. DSL
carriers don’t typically offer comparable speeds, but there are exceptions.
SBC, for instance, offers 3M bit/sec for $36.99 (see graphic, page 16).

Recommendation: If price is most important, DSL wins out — especially if
your user doesn’t plan to run new services such as voice and video. If he’s
itching for VoIP, online gaming and video on demand, then cable is the only
choice.

My home is my office

Nearly  44  million  people  in  the  U.S.  — 
one-third  of  the  workforce  —  will  work 
at  home  at  least  part  time  this  year, 
according  to  In-Stat/MDR.  For  these 
users,  broadband  is  a  given. 

At-home  workers  are  similar  to  speed 
demons  because  they  access  their  cor¬ 
porate  LANs  from  home  and  many 
aspects  of  the  business  world  have 
moved  online.  Moreover,  as  real-time 
applications  such  as  VoIP  and  telecon¬ 
ferencing  are  added  to  the  mix,  the  need 
for  consistent  speed  arises.  But  consis¬ 
tent  speed  is  hard  to  measure. 

Both cable and DSL are shared media, so if many people in your area are
online at once, the connection speeds can slow down. Distance from the
central office also affects throughput. DSL signals degrade over distance,
but most cable offerings provide consistent throughput throughout their
coverage areas.

Snapshot of top residential providers

ISP: Comcast, Time Warner, Verizon, Charter, Bell South, Cablevision,
Adelphia, Qwest

Download Speed  Upload Speed  Price
3M bit/sec  256K bit/sec  $42.95
4M bit/sec  384K bit/sec  $52.95*
3M bit/sec  384K bit/sec  $44.95
1.5M bit/sec  128K bit/sec  $26.95
3M bit/sec  384K bit/sec  $36.99
1.5M bit/sec  384K bit/sec  $29.95
1M bit/sec  128K bit/sec  $39.95
384K bit/sec  128K bit/sec  $39.99
3M bit/sec  256K bit/sec  $49.99
256K bit/sec  128K bit/sec  $29.95
1.5M bit/sec  256K bit/sec  $39.95
3.5M bit/sec  999K bit/sec  $49.95
3M bit/sec  256K bit/sec  $42.95
4M bit/sec  512K bit/sec  $59.95
1.5K bit/sec  896K bit/sec  $31.99

*Note: Cable Internet prices tend to be higher if not bundled with a cable TV service.
Sources: The Yankee Group, BroadbandReports.com, Above Companies.

Service providers all claim they have consistent speed, but an independent
Web site, Broadband Reports (www.broadbandreports.com), compares the
performance of various providers. It also features price comparisons, speed
charts and subscriber feedback. Bandwidth Place
(http://bandwidthplace.com/speedtest/) offers tools for testing your
connection speed.

But  what  if  your  user’s  speed  doesn’t 
meet  his  expectations?  Residential 
service  contracts  offer  speed  esti¬ 
mates,  but  don’t  guarantee  specific 
levels.  Customer  service  is  difficult  to 
quantify,  although  Broadband  Reports 
does  provide  user  reviews. 

There  are  two  options.  Broadband 
providers  have  begun  offering  tiered 
services,  which  typically  add  1M  to 
1.5M  bit/sec  downstream  and  100K  to 
300K  bit/sec  upstream  bandwidth  for  an 
extra  $10  to  15  per  month.  But  these 
service  levels  aren’t  guaranteed  either. 

Recommendation:  If  your  user  works 
from  home  only  a  few  hours  per  week 
and  doesn’t  run  many  latency-sensitive 
applications,  residential  DSL  should  fit 
the  bill.  But  also  ask  whether  this  home 
office  might  eventually  expand  and 
move  off-site.  Commercial  offices  aren’t 
typically  wired  for  cable,  so  if  he  doesn’t 
want  to  use  different  providers  for 
home  and  work,  choose  DSL. 

If  the  user  teleworks  frequently  and 
relies  on  business  tools  such  as  online 
conferencing,  then  higher-bandwidth 
cable  service  is  the  better  choice. 

Recommend  business-class  service  if 
the  user  runs  a  home  business  that 
includes  several  PCs  and  a  Web  server, 
or  if  he  relies  on  Web-  or  videoconfer¬ 
encing.  Business-class  services  offer 
static  IP  addressing  and  Web  hosting, 
and  usually  better  bidirectional 
throughput.  Basic  business-class  serv¬ 
ices  start  at  about  $99. 

Out in the country

“In  the  country”  might  be  a  mis¬ 
nomer  because  “rural  and  under¬ 
served”  can  mean  anything  from  the 
far  reaches  of  Montana  to  a  new  sub¬ 
urban  ring  where  broadband  has  yet 
to  penetrate. 


Many  underserved  areas  are  rolling 
out  wireless  broadband,  or  fixed 
wireless,  services.  These  Wireless 
Internet  Service  Providers  (WISP) 
typically  offer  a  “last-mile”  Internet 
connection  over  unlicensed  spec¬ 
trum  bands.  Some  require  a  clear  line 
of  sight  to  the  tower,  but  newer  wire¬ 
less  technologies  don’t.  Because 
these  are  community-based  efforts, 
availability,  pricing  and  speeds  range 
considerably. 

For  example,  Prairie  iNet,  which 
offers  service  in  Iowa  and  Illinois,  pro¬ 
vides  512K  bit/sec  download  and  200K 
bit/sec  upload  for  $50  per  month,  plus 
setup  fees  ranging  from  $200  to  $500 
depending  on  length  of  contract.  For 
similar  speeds  from  Teton  Wireless, 
users  pay  $80  per  month  if  they  live  in 
Montana,  but  only  $40  if  they  live  in 
Idaho.  Teton  Wireless  also  charges  ap¬ 
proximately  $200  for  equipment  and 
installation. 

A good place to find whether service is available in your area is the
Broadband Wireless Exchange (www.bbwexchange.com).

Another option is satellite broadband from providers such as Hughes Network
Services (HNS) and StarBand. However, satellite service is more expensive
than other broadband options.

DirecWay  offers  download  at  400K 
bit/sec  and  upload  at  56K  bit/sec  for 
$60,  plus  $600  for  setup.  For  telecom¬ 
muters,  many  satellite  services  don’t 
support  VPN  connections.  StarBand 
offers  a  wider  array  of  service  plans, 
with  equipment  costs  in  the  $400  to 
$600  range  and  monthly  costs  varying 
from  $50  to  $70,  depending  on  con¬ 
tract  length. 

Recommendation:  Fixed  wireless  is 
typically  less  expensive  than  satellite, 
but  might  require  a  clear  line  of  sight  to 
the  tower.  Otherwise,  satellite  might  be 
your  only  option. 

Competing  needs 

In  the  real  world,  users  don’t  fit  into 
neat  categories.  Many  households  will 
have  more  than  one  type  of  user,  say  a 
kid  who  plays  interactive  games  and 
parents  content  with  light  e-mailing. 
However,  because  broadband  is  fast 
becoming  a  commodity,  it  might  make 
sense  to  defer  to  whomever  needs  the 
highest  speeds.  As  more  segments  of 
our  daily  lives  migrate  online,  there’s 
little  chance  that  bandwidth  will  be 
wasted.  ■ 






Your home network checklist for the coming year.

A Cisco executive put it best recently: The home network is
no longer the domain of Dilbert, but of Dagwood and
Blondie. Family-friendly boxes dominate the shelves at
Best Buy, CompUSA and even Wal-Mart; Ethernet ports and wireless
radios are being built into everything from video cameras and
storage devices to stereo equipment.

You can bet on two things: Some of this first-generation gear won’t
attach correctly; and when things don’t work like advertised on the
box, your friends and family will call you, the local tech expert.

One strategy is to help folks make smart choices at the outset.
Here we highlight five technologies mature and stable
enough to recommend. While the install might not be
one-click simple, the benefits to your users outweigh any
installation or support problems that might arise.

1: VoIP

Just like in the enterprise, VoIP lets consumers
save money by merging their voice and data lines
into a converged network. VoIP services let you view
a call log online, forward calls on the fly and have
voice mails sent to your e-mail box.

AT&T’s CallVantage service adds features like “Do Not Disturb,”
which automatically transfers calls to voice mail, and “Find Me,”
which can direct a call to up to five phones.

Money-saving features include the ability to choose an
area code from anywhere in the country. If you live in
New York and your parents live in Santa Clara, you
request the Santa Clara 408 area code so you can call them
“locally.” But international calling rates will still apply.

Another  great  feature  of  VoIP  is  mobility.  You  can  bring  your 
VoIP  box  when  traveling  and  plug  it  into  your  room’s  bedside 
phone  and  the  hotel’s  high-speed  modem  and  make  calls  the 
same  as  you  do  at  home.  It  even  works  overseas,  with  the 
proper  power  converters. 

Hardware  vendors  have  begun  introducing  VoIP  equipment. 
Linksys  is  shipping  a  phone  adapter  with  Vonage  service  from 
Verizon’s VoiceWing. AT&T CallVantage gives users a D-Link
Systems  adapter,  and  Netgear  announced  a  phone  adapter  and 
wireless  broadband  adapter  with  phone  ports. 

2:  Storage 

It  seems  corporate  users  are  always  going  over  their  storage 
limits  for  e-mail  and  network  files.  But  now  consumer  users 
face the same problems as they try to stuff all their digital
photos, music files and home videos into their PCs.

Now’s the time to educate them on the benefits of home
network storage. Instead of just buying a bigger hard disk or
second USB drive for a single PC, a network-attached storage
device such as the Buffalo Technology LinkStation lets you
transfer all the MP3 files and photos to one central location,
shareable by all the PCs on the network. Rather than have
various files strewn across multiple PCs, putting them all on one
dedicated device makes them easy to organize and find. You
can free up space on your PC by transferring files to the
network storage device or send copies to the storage device for
safe keeping. Many also include back-up software.

Going  a  step  further,  the  new  Version  2.0  of  Mirra  Personal 
Server  backs  up  files  to  the  Mirra  in  real  time  and  lets  users 
securely  access  them  over  the  Web. 

3:  Wireless/Power  line 

After  getting  broadband,  odds  are  the  first  home  network 
gear  your  users  bought  was  a  wireless  access  point  or  router. 

But  because  the  range  of  802.11b  doesn’t  always  cover  the 
entire house, you might be helping to install range extenders
or even a second access point. Or you’re advising users to
upgrade to 54M bit/sec 802.11g equipment to increase
performance and range.

A  complementary  technology  is  power-line  networking.  The 
HomePlug 1.0 equipment is easier than wireless to install
and can provide network coverage where wireless can’t.

HomePlug  1.0  gets  14M  bit/sec-rated  speeds,  which  yields 
about  6M  bit/sec  actual  throughput,  faster  than  802.11b. 

All  the  major  home  network  vendors  offer  power-line  gear. 
Netgear  recently  shipped  a  dual  wireless  power-line  adapter 
(WGXB102)  and  Wall-Plugged  Ethernet  Bridge  (XE102)  built 
specifically  to  extend  a  wireless  network. 

Faster  power-line  technology  is  coming  soon.  In  2005,  expect 
the  first  products  with  Intellon’s  new  “turbo  mode”  85M 
bit/sec  chipset.  Built  for  entertainment,  the  technology  will  be 
backward-compatible  with  HomePlug  1.0  gear,  and  it  will  yield 
a  10M  to  15M  bit/sec  data  rate  —  far  from  the  85M  bit/sec 
rated speed, but more than double today’s products.

Next  year  also  will  see  the  ratification  of  HomePlug  AV.  The 
next-generation  specification  will  get  200M  bit/sec  rated 
speeds  —  actual  throughput  will  be  half  that,  but  100M  bit/sec 
is  plenty  to  handle  multiple  HDTV  streams. 

4:  Security 

Make  a  vow  to  educate  your  friends  and  relatives  about  the 
need  for  better  home  network  security.  Just  getting  them  to 
keep  on  top  of  the  latest  patches  from  Microsoft  will  help  cut 
down  the  number  of  after-hours  calls  you  get. 

Also  teach  them  about  application-specific  security,  such  as 
proper  anti-spam,  anti-virus  and  anti-spyware  protection. 

When  you  install  a  wireless  network,  you  must  install  at  least 
Wired  Equivalent  Privacy  (WEP),  and  Wi-Fi  Protected  Access 
(WPA)  if  the  equipment  supports  it.  More  wireless  networks 
are  being  installed  in  the  U.S.,  and  sooner  or  later  the  teenager 
down  the  street  might  start  experimenting  with  wardriving. 

Because  most  vendors  turn  off  wireless  security  by  default, 
most  users  don’t  bother  to  configure  it.  Either  take  the  time  to 
help  or  point  users  to  products  from  Linksys  and  Buffalo  that 
include  software  that  simplifies  WEP  and  WPA  configuration 
down  to  a  few  questions  or  the  push  of  a  button. 

5:  Media  adapters 

There’s  no  rule  that  a  home  network  has  to  be  boring. 

Audiophiles  know  that  Turtle  Beach  created  the  networked 
audio  player  market  with  its  Audiotron  in  2001.  Since  then,  lots 
of  vendors  have  introduced  devices  that  stream  PC-based 
MP3  files,  photos  and  video  to  the  stereo  and  TV,  respectively. 

Devices that stream content wirelessly have had mixed
results. Videostreaming has been disappointing because the
current 802.11 standards lack QoS. But audiostreaming has
worked well, giving rise to a new crop of audio-only devices
from Netgear, Linksys, D-Link and others.

Apple’s AirPort Express, which has a built-in access point,
gives users who download music from Apple’s iTunes music
service a way to stream music from PC to stereo wirelessly.

But  vendors  won’t  give  up  on  a  box  that  streams  both. 
D-Link’s new $199 MediaLounge DSM-320 wireless media
player connects to a TV and stereo and lets you wirelessly
(802.11g) stream music, video and photos from a PC.

There’s  also  ViewSonic’s  Wireless  Media  Gateway,  which 
promises  to  stream  video  from  one  TV/monitor  to  another 
over a wireless connection. Instead of using a PC, the device
includes an 80G-byte (or 120G-byte) hard disk drive and
streams the content over an 802.11g connection to a Wireless
Media Adapter connected to a TV.

In  2005,  expect  to  see  other  companies  add  QoS  features 
using Wi-Fi Multimedia, part of the 802.11e QoS specification,
which should be finished in 2005. Devices that include
network connectivity to transmit audio, photos or video will be
big in the coming years.

Shaw is technology editor and Kistner is editor of Network Life.
They can be reached at kshaw@nww.com and tkistner@nww.com,
respectively.




Security 
chief 

Battling  bad  guys 

Couple  complex  network  security  with  people’s  natural 
gullibility  and  it’s  no  wonder  they’re  getting  clobbered. 


Ten years ago, Kevin Mitnick
was on the run from the FBI
when I took a research assignment
for a book about the infamous
hacker. Subsequently, my phones were
“phreaked” (hacked and eavesdropped)
by Mitnick’s friends and
tapped by the feds, and my e-mail read
by all.

Over  the  years  as  I  penned  stories 
for  Network  World,  Computerworld  and 
others  about  firewalls,  Trojan  horses, 
the  first  distributed  denial  of  service 
and the ILoveU virus, I kept wondering:
If it’s this hard for IT to secure the network,
what’s going to happen at home?

What’s happening is broadband home
networks are getting clobbered. Home
users still are clicking virus-laden links
and opening attachments with compelling
subject lines.

Most don’t update their anti-virus
software (62%) and have misconfigured
firewalls (67%), according to a recent
study of 120 users conducted by AOL
and published by the National Cyber
Security Alliance (see www.nwfusion.com,
DocFinder: 4535).

Meanwhile  there  were  4,496  new 
variants  of  Windows-based  viruses 
and  worms  released  between  January 
and  June  of  this  year,  according  to 
Symantec’s  Internet  Threat  Report. 

Couple the complexity of network
security with people’s natural gullibility,
and it’s no wonder they suffer so
badly. Or as Mitnick put it to me during
a phone call just after his release
from prison, “It’s so easy to fool people
because they want to believe you.”

One  of  the  biggest  problems  you  and 
your  clan  face  is  spyware.  Outpacing 
viruses,  spyware  congests  90%  of  home 
networks, according to the AOL study.

But because spyware hides all over the
system registry, you just can’t delete it;
you need to install a search and destroy
program such as Ad-Aware, WebRoot’s
SpySweep or Computer Associates’
Pest Patrol. These programs range in
effectiveness so I recommend
installing at least two. Some
ISPs like AOL, EarthLink and
AT&T also have begun offering
free spyware protection as
part of their services.

But that’s not the end of it.
These utilities don’t run automatically
so you’ll need to teach your
people how to use them. Plus, you’ll
need to add pop-up blockers to
ensure spyware doesn’t use pop-up
ads to reestablish itself on the system.

We’ll help you manage home network
security, covering topics like the
difference between a desktop firewall
and a filtering router, and practical
behaviors and protections for
instant-messaging users. We’ll show you how
to use parental controls to set policies
to protect your kids from harm while
protecting the network from dangers
in file-sharing and other sites young
people visit.

We’ll  also  explore  what’s  around  the 
corner,  such  as  the  widespread  use  of 
digital  certificates  to  protect  online 
brands  and  consumers  from  phishing: 
How can we make home users
comfortable using complex technologies?
Another  topic  is  security  for  handheld 
devices  plugging  into  the  network: 
What  will  come  pre-loaded  and  what 
will  buyers  need  to  add? 

Working  together,  we  can  help  your 
users  make  informed  decisions  about 
the  technology  they  use. 


SECURITY TOOLBOX

Good book

When explaining network security
to your users, have on hand
Degunking Windows by Joli
Ballew, Jeff Duntemann (Paraglyph
Press; $16.99 at Amazon). Chapters
explain file cleanup and organization,
spyware, spam, cookies and
setting up a Windows XP Internet
Connection firewall.

Better browser

Mozilla Firefox is reliable and
not nearly as exploitable as
Internet Explorer. It’s easy to
install and use, but because the
e-mail program was tough to
configure, I’m still using
Outlook. www.mozilla.org/products/firefox/

Tales from the front

We’d love to hear what home net
security issues you face — and
how you deal with them. Write to
securitychief@nww.com.


As  Federal  Trade  Commissioner 
Orson  Swindle  told  me,  “If  people 
can  learn  how  to  get  online  and  link 
to  something  in  another  country, 
understand  it,  search  it  and  make 
purchases,  then  they  can  learn 
Internet  safety.” 

Radcliff  (www.deb.radcliff.com)  is 
a  freelance  writer  specializing  in 
online  safety  and  network  security. 




Connection coach

When  WEP  won’t  work 

Bring ’em on; columnist James Gaskin answers your toughest network questions.


Sure, you’re network IT professionals. But the problems you
solve at work are nothing like those you face at home. Here,
solutions must be inexpensive, easy to manage and quick to
implement. That’s why every Go-to-Guy and Gal needs a Go-to-Guy
of their own. That’s me. I’ve fought computers for 20 years, and have
published 15 books and hundreds of articles. Got a computer or
network problem that’s keeping you up at night? Send it to me. Here are
solutions to three tough ones that recently landed in my in-box.

Herman V.: If encryption is standards-based,
then why can’t I get a
Netgear wireless router to connect with
a Dell laptop with an Intel mini-PCI
wireless adapter using Wired Equivalent
Privacy (WEP)? Products are all from
big name companies. Netgear blames
Dell, Dell blames Intel, and Intel doesn’t
care because Dell’s providing support.

Coach: WEP doesn’t always work
because vendors read the specifications
in different ways. Things are getting
better, but the trouble is that soon
you’ll upgrade your gear to Wi-Fi
Protected Access and suffer the same
problems all over again.

One option is to put upgrades to your
wireless gear on your Christmas list.
But because you paid for these products
and rightfully expect them to
work, try this:

• Reduce the distance between router
and laptop.

• Upgrade laptop drivers.

• Upgrade access point drivers.

• Input the WEP key manually and use
the same case on both systems.

• Put a dollar sign ($) in front of the
WEP key on the Dell.

• Set the Maximum Transmission Unit
size to 1450 (find it on the Advanced
WAN Setup page).

• Replace router with the same
model.

• Replace the mini-PC laptop adapter.

• Have the retailer set up and test
router encryption.

COACHING TIP

Sick of fixing Windows? There are
dozens of Linux distributions to
sample for free. Several, such as
Knoppix, let you boot up and run
Linux right from the CD. Visit:
knoppix.com; distrowatch.com;
www.frozentech.com/content/livecd.php;
and www.yolinux.com.

Matt H.: I need to work from a vacation
home without a landline. A neighbor
with DSL will let me connect to his
wireless net. At 300 feet, is it feasible?

Coach: Yes, but you’re right at the
edge of the distance limitation for
802.11b and 802.11g, and too far away
for 802.11a. But there are ways to boost
the signal.

Have  your  neighbor  put  the  access 
point/router  in  a  window  closest  to 
you.  Devices  with  dual  antennas  get 
better  reception,  so  consider  offering  to 
upgrade  the  unit.  If  the  router  can’t  be 
moved,  buy  a  radio  frequency  cable 
from  an  electronics  store  to  extend  the 
antenna  to  the  window  or  check  out 
optional  antennas  for  home  use. 

All Wi-Fi vendors offer boosters and
optional antennas, but D-Link Systems
has the best selection I’ve seen:
www.dlink.com/products/antennas.asp.

If you need to buy new gear, products
that transmit more power get better
range. SMC released a “High
Power” series of PC Cards and USB
adapters last year that transmit up to
200 milliWatts, four times higher than
average gear. Ask vendors for mW settings
when buying equipment. They
don’t make this info easy to find, so be
persistent.

Charles B.: Is there an inexpensive
way to capture sounds from Web
sites for personal use? My wife needs
teaching materials such as online lectures
and play snippets. The Sound
Recorder in Windows XP Home doesn’t
capture much material.

Coach: There are free and low-cost
options better than the Recorder,
which only captures 60 seconds of
audio and offers few editing tools.

For free, my favorite audio tool is Audacity,
an open source project at
http://sourceforge.net/projects/audacity.
Choose your platform, including PC,
Macintosh and Linux, and capture
streaming audio by clicking the Record
button. Audacity provides more sound
manipulation tools than some expensive
products, and includes an MP3
encoder, which costs extra in many
sound editors.

For inexpensive, check out downloads
at GoldWave (www.goldwave.com),
which are great for voice manipulation,
and N-Track (www.ntrack.com)
for great multi-track music. Also check
retail products from Cakewalk
(www.cakewalk.com).

Send stumpers to connectioncoach@nww.com.




Off the clock

I wanna be a Jedi Knight

Taking on the Empire one battle at a time.


Ever  since  the  words  “A 
long  time  ago,  in  a  galaxy 
far,  far  away...”  first 
appeared  on  the  movie  screen  in 
1977,  I’ve  been  hooked  on  “Star 
Wars.”  Kids  in  my  neighborhood 
in  upstate  New  York  didn’t  play 
Cowboys  and  Indians.  We  played 
Luke  Skywalker  vs.  Darth  Vader. 

My other hobby is playing computer
games, so it’s no surprise
that I’ve played most every Star
Wars-related video game or PC game ever produced. As a kid,
I spent more hours playing The Empire Strikes Back on the
Atari 2600 than doing homework (Object: Destroy the AT-AT
with your snowspeeder. Repeat forever.) Thankfully, the
games have gotten better.

A  few  years  ago,  my  first  experience  with  online  gaming 
was  with  the  Star  Wars  game  Jedi  Knight.  Of  course,  as  I 
joined  a  server  I  was  immediately  hacked  to  pieces  by 
another  Jedi  (an  eeeevil  Jedi)  with  a  light  saber.  But  since 
the  evil  Jedi  was  human  and  not  a  computer  opponent,  I 
was hooked all over again. Sure, the human might have
been  cheating,  but  at  least  there  was  some  intelligence 
behind  the  animated  character. 

The  latest  game  in  the  Star  Wars  universe,  Star  Wars 
Battlefront  (LucasArts,  $50)  lets  you  take  part  in  the  larger 
battles  from  the  movies.  In  this  game,  you  play  as  a  front-line 
soldier  (or  pilot),  rather  than  the  hero.  If  you’ve  ever  wanted 
to  be  a  Stormtrooper,  here’s  your  chance. 

If  you’ve  played  the  Battlefield  1942  series  from  Electronic 
Arts,  you’ll  feel  right  at  home  in  Star  Wars  Battlefront.  You 
choose  what  type  of  soldier  you  want  to  be  (fast  infantry,  or 
slower  soldier  but  armed  with  a  missile  launcher?),  and  then 
jump  into  a  planet-side  battle  with  lots  of  other  soldiers, 
some  with  you,  some  against  you. 

Team dynamics are much more important than just rushing
into battle and shooting everyone in sight. Each side has
specific objectives and command points they need to capture
to achieve victory. Defending an area is just as important
as attacking, and you get to choose which stance to take.
And when your character gets killed, you can jump in as a
different soldier type and try a different approach.

The graphics, music and controls are top-notch; the designers
do a great job of making you feel like you’re a part of the
movie. When you play battles connected to the battle of
Hoth or the battle of Naboo, for instance, you get to see a
movie clip before the fight begins.

Star  Wars  Battlefront  took  me  back  to  my  Luke  Skywalker 
vs.  Darth  Vader  battles  all  over  again. 

Shaw has turned to the Dark Side. Contact him at
offtheclock@nww.com.


GAME  BYTES 


GameDoctor makes house calls

VoodooPC has launched GameDoctor, a service that
scans your games and automatically updates them
with new patches. Free for 30 days, the service costs
$15 per year (www.voodoogamedoctor.com).


Xbundle 

Microsoft  has  bundled  an  Xbox 
video  game  console,  two-month 
trial  of  Xbox  Live  service,  and  two 
games:  NCAA  Football  2005  (EA  Sports) 
and  Top  Spin  (Microsoft  Game  Studios) 
for  $150. 


Chinese takeout

Meng  Yang,  aka  “Rocket  Boy,”  took  home  $125,000 
after  taking  out  Doom  3  champ  Johnathan  Wendel,  aka 
“Fatality,”  in  a  recent  Doom  3  competition  held  at  the 
Great  Wall  of  China. 

Eat dirt

THQ  and  Rainbow  Studios  plan  to  ship  the  game  MX 
vs.  ATV  Unleashed  in  February  2005.  The  sequel  to  MX 
Unleashed  will  pit  all-terrain  vehicles  against 
Motocross  bikes  and  other  vehicles  against  each  other 
in  off-road  racing  action. 




University  takes  go-slow  approach  to  VoIP 


■  BY  CAROLYN  DUFFY  MARSAN 


Sometimes  it’s  hip  to  be  square, 
as  Huey  Lewis  and  the  News 
once  sang. 

When it was time to replace its 15-year-old
voice systems, the University of San
Francisco decided against the latest IP-based
gear, opting instead for a system
that lets the private institution migrate
gradually from traditional TDM to VoIP.

USF’s decision to stick with tried-and-true
technology rather than emerging
VoIP reflects a change of direction on the
part of its IT staff, which originally wanted
a converged network.

“Our staff was understandably very
excited about VoIP, but if we had just run
with that and not done due diligence of
what VoIP would have cost and done
the business analysis, we could have
moved more quickly but had a failed
VoIP implementation,” says USF CIO
Tracy Schroeder.

“I’m very thankful that we didn’t do
that,” Schroeder adds. “We’ll have a stable
solution that meets our needs and gives
us the ability to do the cool stuff when
it’s time and when it’s appropriate.”

■ HP’s ProCurve networking arm
and Mitel recently announced a
joint marketing and support deal. HP
LAN switch engineers will be trained
to support Mitel IP PBX and IP
phone gear, while Mitel technicians
will learn ProCurve LAN and wireless
LAN product installation, support
and troubleshooting skills, the
two vendors said. The vendors also
will work to integrate IP PBX and
LAN/WLAN infrastructure management
between the two vendors’
products. HP and Mitel have worked
together in the past, with joint marketing
agreements and product integration
programs — such as Mitel
IP phones built with cradles for HP’s
wireless iPaqs, allowing for calendar
integration and voice-over-Wi-Fi
capabilities.

USF is spending $12.5 million to design
and build its new telephone and data
systems to support 3,500 on-campus
users and an additional 1,500 remote
users. USF will finish migrating to the
new data systems on Dec. 15 and will cut
over to the new telephone systems during
the Christmas holidays.

After three years of study, USF bought
two NEC NEAX 2400 IPX communications
systems that support TDM and IP
communications and a NEAXMail AD-120
messaging system. NEC Unified
Solutions, the prime contractor on the
job, also is installing a Cisco-based network
infrastructure that includes routers
and access switches.

For  the  foreseeable  future,  USF  will  run 
See  USF,  page  20 


Mixing bowl

The University of San Francisco is spending $12.5 million to design and build
a new telephone and data system that mixes traditional TDM with VoIP.

[Figure: University of San Francisco network diagram. Labels: TDM agents;
NEC NEAX 2400 upper-campus switch; voice mail system. Caption: USF uses IP
to connect its new lower- and upper-campus communications switches, and will
support all-IP communications to two new buildings being planned for the campus.]


Tasman  debuts  integrated  router 


■  BY  PHIL  HOCHMUTH  AND  JOHN  RIBEIRO 

While  Cisco  and  Juniper  gear  up  for  a 
fight  over  integrated  WAN  routers,  Tasman 
Networks  is  looking  to  jump  into  the  fray 
with  new  boxes  that  combine  access  with 
security  and  other  services. 

Tasman says it plans to have new routers
out by mid-2005 that integrate a variety of
network services on top of basic T-1/T-3-based
WAN connectivity. Integrating technologies
such as firewall, VoIP, intrusion
detection and prevention, and VPN into a
single box can make a WAN less costly to
deploy and easier to manage than
installing services on separate appliances.

This month Tasman, a low-cost competitor
to Cisco in the WAN router market,
plans to announce integration of new services
into its routers, such as intrusion
detection, intrusion prevention, VoIP and
Point-to-Point Protocol over Ethernet. The
firm already offers VPN and firewall capabilities
in its routers. It plans to integrate
new services in software on its routers,
which are based on standards-based computing
and telecom components.

“We have a lot of computing headroom
on our routers to run these additional functions
at full wire speed, we are going to
migrate a lot of appliance functions into
the router,” says Paul Smith, president and
CEO of Tasman.

Tasman sells low-cost, standards-based
WAN routers and other network gear. In
October, it introduced a T-1 WAN router
with VPN and firewall capabilities for about
$1,000; comparable products from Cisco,
Nortel or Juniper can cost two to three
times that.

Tasman is the latest among several vendors
— including Foundry Networks,
Enterasys Networks and 3Com — to come
out with plans for integrated WAN boxes.

This software-based approach differs
from rival Cisco, which has more than 75%
market share. Cisco this fall introduced a
line of Integrated Service Routers, which
are boxes that provide WAN routing and
VoIP acceleration, VPN encryption and
intrusion-detection technology as standard
features in hardware. Cisco — which used
to implement such services in software or
with add-on modules — says that building
such functions into the guts of a router
improves performance and leaves room
for expansion with more features.

Enterprise users want more features than
just routing in their routers, whether deployed
in software or hardware. A recent
survey of 350 IT professionals by The
Yankee Group showed that more than 50%
of users would like to have services such as
VPN, firewall, load balancing and VoIP integrated
into a single device — whether it’s a
LAN switch or WAN router. Survey respondents
said reducing costs of acquiring and
managing multiple appliances was the
main factor for wanting integrated devices.

Ribeiro  is  a  correspondent  for  the  IDG 
News  Service. 




Start-up  uses  software  for  WLAN  IPS 


■ BY JOHN COX

A  2-year-old  wireless  LAN  company  this 
week  is  scheduled  to  introduce  software 
and  radio  sensors  designed  to  offer  users  a 
full-blown  intrusion-prevention  system  for 
their  corporate  WLANs. 

The software, SpectraGuard, from AirTight Networks, is coupled with the sensors to generate a wealth of data about the WLAN environment, including neighboring radio transmissions. The data is displayed on a Web-based management application and in color-shaded maps. Radios automatically can be classified as authorized, rogue, or external access points and clients.

“It scans the physical footprint [of your location] and develops intelligence and context about what is a legitimate device and what is not,” says Jim Slaby, senior analyst for security at The Yankee Group.

Using that intelligence and the criteria of the corporation’s security policies, SpectraGuard can isolate specific problems or suspect devices, Slaby says. “They’ve also got some cool features to pinpoint within a few meters where all the access points physically reside, including the bad ones,” he says.

SpectraGuard has three main components: SpectraGuard server, available preloaded on a rack-mounted appliance or as a software application running on Linux; sensors fitted with two radios, 802.11b/g and 802.11a, that connect to the appliance or to spare Power-over-Ethernet ports; and the Web-based SpectraGuard Dashboard, which is the management interface.


PROFILE:

Location: Mountain View, Calif.
CEO: David King, formerly chairman, president and CEO of Proxim
Business: WLAN intrusion prevention
Employees: 75
Finances: Just completed Series A round, totaling $10.25 million, by Walden International; also Blueprint Ventures, Granite Venture, Trident Capital.
Fun fact: Venture capitalists decided to invest in AirTight when the company plugged in its SpectraGuard system and exposed their network vulnerabilities.

Using these components, administrators can specify the network protocols, access point Service Set Identifiers and products that are authorized for the WLAN. They can group alerts into those that are handled manually and those that are handled automatically.

One optional component, which many users might consider essential, is SpectraPlan, a Windows 2000 or XP application that layers different views of the radio environment over a floor plan of the building or campus. The application’s color-shaded views show data such as link speeds, channel assignments, access point locations, indoor and outdoor radio coverage, and the radio coverage by the AirTight sensors.

The combination of these components creates a continuous real-time map of the radio environment.

When the sensors pick up rogue devices or a mistaken connection by enterprise wireless clients to neighboring access points, SpectraGuard identifies and locates the specific client and access point, and automatically disrupts the connection between them. The SpectraGuard display uses color shading to identify the most likely location of either a rogue access point or client, within a few meters.

The new products are based in part on a trio of WLAN monitoring and management tools the company previewed in 2002 when it was known as Wibhu Technologies. At that time, the company created one program for WAN intrusion detection, one for WAN radio monitoring and one for WAN planning and design.

Early this year, a new management team under former Proxim chairman and CEO David King refocused developers on using these tools as the basis for an intrusion-prevention product, going beyond just detecting a problem to taking action on it.

“Traditional intrusion-detection systems require just too darn much human intervention,” Slaby says. “Intrusion prevention is a bit smarter.”

An array of vendors are jumping on this same intrusion-prevention idea, including most recently AirDefense (www.nwfusion.com, DocFinder: 4835), but also location services vendors such as Newbury Networks. These all use dedicated radio scanners. WAN switch vendors such as Aruba Wireless Networks and Airespace provide some similar functions.

A starter kit with CD-ROM and two sensors is priced at $7,500; sensors are priced between $700 and $800. ■




Lessons  from  Leading  Users 

USF 

continued  from  page  19 

its voice communications over TDM, but it will experiment with VoIP in two new buildings being planned for the campus. The new buildings will get VoIP because USF can install an IP-ready infrastructure. The university’s new NEC/Cisco infrastructure can support both technologies simultaneously.

“We thought we would end up with a converged solution, but we did not,” Schroeder says. “We ended up with separate data and voice solutions, but with the ability to converge in areas where it makes sense and when it feels that the technology is fully mature.”

USF’s decision to swim at least partially against the VoIP tide is significant given that its network upgrade project was one of the largest deals on the West Coast in recent years, NEC officials say.

“USF is a very prestigious university,” says Rod Rafnson, director of operations for NEC Unified Solutions. “This is a design/build project, so we had the opportunity to provide a response that includes a full solution: data infrastructure, voice, PBX, cabling, reworked terminals and unified messaging.”

In the end, NEC won the USF deal because of its ability to provide an end-to-end package and its ability to support both TDM and IP. USF declined to identify the other bidders on the network upgrade project.

“One of the feasibilities that USF liked best about NEC is that they could buy an IP-ready telephone system that they could use today ... and yet not necessarily roll out IP everywhere,” Rafnson says. “They can phase IP in.”

USF’s  network  upgrade  was  driven  by 
the  need  to  replace  its  aging  telephone 
system. 

“We have at this point a 15-year-old phone switch that is no longer made or supported,” Schroeder says. “The only way we keep it running is through the in-house expertise of one of our employees who used to work at that company and gray-market replacement parts. ... We knew we were in an untenable situation with our phone system, not to mention that it lacks many modern features such as mass distribution of voice mail.”

Meanwhile, USF’s data systems were a hodgepodge of Enterasys and Cisco hubs and switches, with minimal fiber in the ground to each building. USF decided to upgrade its whole network infrastructure at the same time to improve performance and reliability.

Now USF will have 36 strands of fiber going into each building instead of four strands for added redundancy. By purchasing two NEC NEAX 2400 IPX systems, USF is getting redundancy in its telephone switching systems for the first time. Also new are network monitoring capabilities.

“This  new  network  will  give  us  a  greatly 
expanded  ability  to  monitor  our  network 
and  tune  performance,”  Schroeder  says. 

As  part  of  the  upgrade,  USF  also  will 
increase  its  Internet  connection  from  SBC 
from  30M  to  120M  bit/sec. 

USF doesn’t expect to save money on its new network infrastructure. Instead, the university is gaining much-needed redundancy and a modern, feature-rich telephone system.

“This is a much higher-capacity network with more reliability and more stability,” Schroeder says. “It’s not going to be a cheaper network, but it goes a long way toward mitigating a significant risk that we had.”

At the launch of its procurement in 2001, USF’s IT staff thought it was going to purchase gear to build an all-IP network. But the all-IP approach was too expensive, as the university’s infrastructure would have to be upgraded — everything from copper cabling to air conditioning.

“The  cost  of  getting  the  infrastructure 
ready  for  convergence  was  quite  high,” 
Schroeder  says.  “We  didn’t  see  a  business 
reason  to  do  that.” 

Still, USF is interested in IP. USF uses IP to connect its new lower- and upper-campus communications switches. It also intends to install all-IP gear in two new buildings being planned for the campus.

“I expect us to converge our networks in those buildings rather than running separate cable for the phones, and we’ll be able to do that with the new phone switch from NEC,” Schroeder says. “We’re going to converge where it makes sense and not converge where it doesn’t.”

USF does not want its network to be on the bleeding edge, Schroeder says.

“We want to be at the middle of the pack, with mature, widely deployed technologies,” Schroeder says. ■




Do  software  users  need  indemnification? 

Vendors are protecting against intellectual property lawsuits, but some say it’s all about marketing.


■  BY  JORIS  EVERS 

If purchasing software were as straightforward as buying a car, users wouldn’t have to think twice about the risk of intellectual property lawsuits. Say General Motors claims it owns a patent on power steering and alleges infringement by Ford. GM would have to sue Ford, not drivers who bought Ford cars, legal experts say.

But software, unlike cars or most tangible consumer products, is licensed. Some software makers, particularly in the open source market, where code is often contributed by noncommercial developers from all over the world, use licenses to limit their liability and exclude user protection from intellectual property lawsuits. This protection would otherwise be implied by law, experts say.


■ IBM rolled out a tape drive last week that the company says is up to 20% faster than Linear Tape Open drives from competitors. The IBM TotalStorage 3580 LTO Generation 3 is designed for midrange enterprise networks. It has reduced power requirements and operates at lower chip temperatures. The drive delivers as many as 80M bytes of throughput per second and stores as much as 800G bytes of data on a single cartridge, IBM says. The drive is expected to be available next month starting at $6,500.

■ Users of Nokia’s 7610 smart phone and possibly other phones running Symbian’s Series 60 software should be aware of a new Trojan program on the Internet. “We have located several freeware and shareware sites offering a program, called Extended Theme Manager, that contains a Trojan horse,” says Mikko Hypponen, director of anti-virus research at F-Secure. The malicious code, called Skulls, deactivates all links to Symbian system applications, such as e-mail and calendar, by replacing their menu icons with images of skulls, according to Hypponen. Users of affected phones can only send or receive calls, he says. Most monitored sites have removed the program, Hypponen says.

“People who buy software have less protection than people who buy cars,” says Bruce Sunstein, a patent attorney at Bromberg & Sunstein in Boston. “The license terms have been designed to protect software vendors.”

Underscoring a growing awareness of this issue on the part of users, Microsoft earlier this month expanded its intellectual property indemnification program to cover most of its customers. Previously the company covered only so-called volume license buyers — customers who buy Microsoft’s products in bulk. The Microsoft plan protects customers from exposure to legal costs and damages related to patent, copyright, trade secret and trademark claims. The protection has no financial cap.

With the expanded program, Microsoft is seeking to set itself apart from rivals, especially those in the open source community. Users are showing more interest in indemnification programs, particularly for Linux after The SCO Group, which says Linux includes some of its copyright-protected code, earlier this year threatened infringement lawsuits.

Protection  plans 

The type of protection software indemnification programs offer varies widely (see graphic, page 24). Vendors typically offer comprehensive protection for proprietary products, but not for open source software. Novell offers SuSE Linux Enterprise Server 8 customers protection against copyright-infringement claims only. The protection also is capped and tied to restrictions such as the requirement to purchase a maintenance contract. HP offers indemnification for Linux products it sells, but only against SCO claims, and the buyer must sign a support contract and use HP hardware. Linux vendor Red Hat does not indemnify customers, but promises to replace Enterprise Linux code for users if a court were to find that the product infringes a copyright. IBM does not indemnify the Novell and Red Hat Linux products it sells. Sun says it offers indemnification for all Sun-branded software, but failed to provide details of its programs by press time.


A heavy price

The median cost to each party in a patent infringement suit with more than $25 million at risk is $4 million, according to the American Intellectual Property Law Association.

Many Linux vendors can’t match Microsoft’s blanket indemnification because they don’t have the financial means, experts say. “Red Hat is not nearly the size of Microsoft. It could never take on a limitless indemnification obligation for its users. It really would not be worth the paper it was written on if you had a substantial enough [intellectual property] claim,” says David Elkins, a partner at Squire, Sanders & Dempsey in Palo Alto.

Another reason some users are getting more concerned about lawsuits is that there are a growing number of firms that acquire patents specifically to use the threat of lawsuits to extract money from other companies, according to Dan Ravicher, executive director of the Public Patent Foundation (see what Network World’s columnists have to say on the topic on pages 24, 28 and 66).

At HP, indemnification is discussed in the “vast majority” of talks with customers who buy direct from the company, according to Martin Fink, vice president of Linux at HP.

However, while indemnification is a topic in sales discussions, the jury is still out on whether software buyers really need such protection. “The chance that a corporation will find itself the unwitting target of a third-party [intellectual property] lawsuit ... is low. It’s about the same chance that the average taxpayer gets audited by the Internal Revenue Service,” wrote Laura DiDio, senior analyst at The Yankee Group, in a recent report.

DiDio  praises  Microsoft’s  indemnification 
program  and  argues  that  “low  risk  can  still 
equal  high  cost.” 

The risk of patent-infringement lawsuits is overstated and used to spread uncertainty in the marketplace, according to Lawrence Rosen, founding partner of Rosenlaw and Einschlag in Ukiah and Los Altos Hills, Calif., and general counsel for the Open Source Initiative, a nonprofit group that manages and promotes the open source definition and certifies open source software licenses.

“Indemnity now is a politically interesting term, and people are using it for marketing purposes. So far it hasn’t made much difference. I don’t know of anyone who is actually seeking indemnification on open source software,” he says.

HP has offered indemnification for a little over a year, but fewer than 100 customers have signed up, Fink says. The program is for customers who purchased Red Hat and SuSE Linux from HP or an HP reseller and run the software on HP hardware.

Still,  HP’s  Fink  says  the  customers  in  the 
program  account  for  thousands  of  servers. 
“The  customers  who  are  signing  up  for  this 
are  large  enterprise-class  customers,  so  it’s 
actually  quite  substantial  to  have  these 
many  customers  signed  up,”  he  says. 

But the marketing aspect is also important because HP competes against IBM, which does not indemnify its Linux customers. “It has really allowed HP to differentiate against IBM who has refused to step up to the plate,” Fink says.

“Since  IBM  is  not  a  Linux  distributor,  it 
does  not  offer  direct  indemnification. 
However,  our  Linux  distribution  partners, 
specifically  Red  Hat  and  Novell  SuSE 
Linux,  have  announced  programs  to  assist 
customers  concerned  about  intellectual 
property  risk,”  says  Mike  Darcy  of  IBM 
media  relations,  Linux. 

Microsoft  gets  three  or  four  calls  each 
month  from  customers  who  have  been 
threatened  with  lawsuits,  says  Martin 
See  Indemnification,  page  24 



More  online! 


Read  how  some  experts  believe  the  tide  is  changing, 
making  indemnification  worthwhile  for 
more  than  just  the  larger  companies. 

DocFinder:  4836 




Microsoft’s  Ballmer  talks  the  talk 


If Steve Ballmer didn’t exist, reporters and columnists would have to invent him. A couple of weeks ago, the trade press, the business press and even the general press was all lit up with screaming headlines claiming that Microsoft was going to sue people using Linux for patent infringement. They all cited a speech that Ballmer gave to the Asian Government Leaders Forum on Nov. 18 and said Microsoft was going to wage all-out war on open source software.

It was revealed in only a small handful of the publications, though, that Ballmer was merely quoting from a report (“There was a report out this summer by an open source group that highlighted that Linux violates over 228 patents.”) written by Open Source Risk Management, an organization self-described as existing “... to support the continued strength and growth of free and open source software through a comprehensive offering of sophisticated risk management products and services.” Bruce Perens, noted Linux defender (and Microsoft basher), is on the board of directors.

The author of the study, Dan Ravicher, an attorney and executive director of the Public Patent Foundation, tried to claim Ballmer misquoted the study (he didn’t quote it at all, merely referenced it) then went on to say that all operating systems might face patent infringement issues. But no amount of lawyer-speak can obfuscate the fact that Ravicher did say that Linux might face action on more than 283 (not 228) patents.

Anyone suing Microsoft because Windows infringes a patent better have extremely deep pockets. Anyone suing a Microsoft licensee should know that they’ll be taking on Microsoft and its lawyers (based on the indemnification program it announced two weeks ago). But suing a Linux licensee is more like those early season football games that Big State U. has against County Computer College. You know, the ones where the final score is 96-0.

Microsoft won’t have to sue any Linux licensee for patent infringement because there are plenty of patent-holding companies whose sole product is litigation over intellectual property. Ballmer doesn’t have to threaten anyone, just remind them that we do live in a litigious society in his own inimitable style, of course (“Some day ... somebody will come and look for money to pay for the patent rights for that intellectual property”). Keep talking, Steve, there’s lots of ink left to write with!


Kearns, a former network administrator, is a freelance writer and consultant in Silicon Valley. He can be reached at wired@vquill.com.


Tip  of  the  Week 


Mark  your  calendars. 

Netpro's  fourth  annual 
Directory  Experts  Conference 

is  coming  to  Vancouver  in 
March  (www.nwfusion.com, 
DocFinder:  4832).  It's  THE 
conference  for  those  in 
Active  Directory  trenches 
every  day.  I'll  be  there;  hope 
you  will  be,  too. 


Indemnification 

continued  from  page  23 

Taylor, general manager of platform strategy at Microsoft. “Microsoft should not be in the position of assessing legal risk for people, but we are in the position to tell our customers that they don’t need to worry about anything when deploying Microsoft technology,” he says.

One Microsoft customer said intellectual property protection is key.

“When we evaluate companies and software products, indemnification is one of the first things we look at,” says Ken Meszaros, assistant vice president and infrastructure manager at LandAmerica Financial Group, a Richmond, Va., real estate transaction services provider. “It is important that the vendor is willing to stand up for the integrity of its products.”

Indemnification essentially is the same as an insurance policy. Whether an organization needs such insurance depends on its risk of being sued, experts agree. They don’t agree on the degree to which users are actually at risk.

Chances of an end-user company getting sued depend on size of the company, its financial wherewithal, how widely the software in question is deployed and the market capitalization of the vendor that provided the software, says Mark Webbink, deputy general counsel at Red Hat.


One point industry watchers have made is that open source users stand a higher risk of being sued because open source vendors make less of an attractive target. They are smaller than and not as wealthy as, for example, Microsoft, which is the target of many lawsuits.

“If the end user is a more attractive target than the vendor, that would potentially be a reason for a patent holder to go after them,” Webbink says. Still, he sees Red Hat as a large commercial vendor, just like Microsoft and others. “Large commercial vendors, including Novell and Red Hat, provide a more inviting direct target than an end user,” he says.

HP, which sells more than just Linux products, is pretty straightforward. “If the customer’s primary concern in their IT solution is intellectual property protection, then Linux and open source software may not be the right answer for them,” Fink says.

Only the largest companies need indemnification, Elkins says. For smaller companies, indemnification is nice to have, but not necessary in most cases, he says.

This brings Microsoft’s move to expand legal protection to smaller users into context, Elkins says. “Microsoft is using its financial power to enhance its marketing advantage.”

Evers  is  a  correspondent  with  the  IDG 
News  Service. 


They’ve got your back

How software intellectual property indemnification offerings stack up:

Protection offered
HP: SCO-related lawsuits only. For any Linux distribution shipped and supported by HP.
Microsoft: Legal fees and damages from patent, copyright, trademark and trade secret claims. For most desktop and server products except Windows XP Embedded and Windows CE.
Novell: Legal fees and damages from copyright claims. For SuSE Linux Enterprise Server 8.
OSRM*: Legal fees and damages from patent and copyright claims. For open source software based on Versions 2.4 and 2.6 of the Linux kernel.

Monetary cap
HP: None.
Microsoft: None.
Novell: None on legal fees. Damages are capped at the lesser of $1.5 million, or 125% of the total amount paid for licenses, upgrades and updates for the allegedly infringing product.
OSRM*: Depends on policy bought.

Price
HP: Free, but requires customers to sign an indemnity agreement with HP.
Microsoft: Included in license.
Novell: Free, but requires customers to register for the Novell Linux indemnification program.
OSRM*: Average annual cost of 3% of maximum desired coverage. For example, $1 million in coverage would cost $30,000 per year.

Key requirements
HP:
• Buy HP standard or premium software support contract.
• Run Linux solely on HP hardware.
• Source code modifications are not allowed.
Microsoft: None.
Novell:
• Buy at least $50,000 per year worth of licenses, upgrades and updates from Novell.
• Maintain upgrade protection on the indemnified products, and a premium service-level contract.
• Register within 10 days from Linux purchase.
• Source code modifications by user are not covered.
OSRM*:
• OSRM will do a risk assessment, and customers have to adopt “best practices protocols.”
• Source code modifications allowed.

*Open Source Risk Management plans to start offering indemnification products in the first quarter of 2005.



■  CRM  ■  MESSAGING/COLLABORATION  ■  WEB  SERVICES 

■  ERP  ■  E-COM  ■  NETWORK  AND  SYSTEMS  MANAGEMENT 


Application  mgmt.  service  on  tap 


■ Management vendor NetIQ this week released AppManager Connector for NetIQ Security Manager (AM-SM Connector), which combines performance and availability monitoring with security event management into one console. The connector alerts system administrators to security-related events, such as a denial-of-service attack, which could degrade service on a network. NetIQ also introduced AppManager Analysis Center 2.0, a reporting and analysis tool, and AppManager Control Center 6.0, one console that pulls together monitoring and management data from multiple AppManager repositories. The AM-SM Connector is free for Security Manager users. Analysis Center 2.0 costs $150 per server and AppManager Control Center 6.0 ships with AppManager Operator Console, which costs $2,500.

■ ANTs Software last week released the latest version of its high-performance SQL database designed to offload key transaction loads from traditional databases from companies such as Oracle and Sybase. ANTs Data Server 2.4 includes interfaces for data-mining tools, a performance boost and features to improve reliability. ADS is a full SQL92-compliant relational database that the vendor debuted a year ago. It relies on patent-pending technology that avoids the locking mechanisms rivals use to protect data but that slows performance in the process. The result is much faster processing with SQL transactions than with conventionally designed relational database management systems, ANTs says. ADS is designed for applications such as financial services, logistics, retail and telecom. These typically have large numbers of concurrent users, heavy workloads and very fast response times. Version 2.4 is available now for download and evaluation at www.ants.com. List price is $25,000 per CPU. ADS runs on several Linux releases, Windows 2000 Server and Solaris 8 or higher.


■  BY  ANN  BEDNARZ 

Against the backdrop of Oracle’s continuing takeover bid, PeopleSoft has unveiled a suite of application management services to let its customers outsource some or all of the technical support for their on-premises PeopleSoft deployments.

The new services, which are available on a subscription basis, are designed for PeopleSoft’s Enterprise line and its EnterpriseOne and World products, which were gained through the acquisition of J.D. Edwards. The new services tackle four primary areas: maintenance, administration, performance and end-user support.

PeopleSoft’s maintenance services provide system diagnosis and include service pack management. Its administration services focus on uptime and availability and monitor application metrics such as job queues and memory utilization.

On the performance front, PeopleSoft’s so-called Extended Services include performance tuning, customizations, change-


Forum  adds 

■  BY  JOHN  FONTANA 

Forum Systems, which develops tools to speed the delivery of XML messages, this week is scheduled to upgrade its technology to provide end users with the ability to support new and traditional message-queuing protocols.

The support is available in Sentry Web Services Security Gateway 4.1, which Forum says provides the ability to blend traditional message queuing with Web services. The vendor also is adding support for identity-based access control not only at the XML message level but also for end users through integration with Web access management software from Netegrity, Oblix, RSA Security and Tivoli.

Also new are content-based routing and service-virtualization features, along with support for the attachments extension to the Simple Object Access Protocol and for WS-Security.

Most important, however, is the support for messaging queuing. It starts to move Sentry — which is available as software, a dedicated appliance or embedded on a PCI-card — from pure traffic acceleration to a hub for process workflow.


control management and disaster recovery. End-user services focus on technical support to augment existing customer-based help desks.

PeopleSoft’s global services team will deliver the new services remotely through company facilities in Pleasanton, Calif.; Chicago; Toronto; Madrid, Spain; Amsterdam; Sydney, Australia; and Bangalore, India.

Product support is a key area of concern for PeopleSoft users, in light of Oracle’s hostile bid.

AMR Research recently surveyed PeopleSoft customers on their expectations and plans if Oracle succeeds in acquiring PeopleSoft. It found a majority of users — former J.D. Edwards customers, in particular — have low expectations for the fate of their product and are willing to move to third-party support to save money.

Among 150 PeopleSoft customers surveyed, 47% expect Oracle to offer no new features, and 17% expect minimal enhancements.


XML  trafficking 

ZapThink  predicts  XML 
traffic  on  corporate 
networks  will  grow 
from  about  15%  in 
2004  to  just  less  than 


by  2008. 


“Forum Systems sees that if you are an appliance, and traffic is going through your box, and you are essentially looking at every message, then the question of ‘should I route it?’ can be made at the same time,” says Ron Schmelzer, an analyst at ZapThink.

Schmelzer says that for companies deploying enterprise service bus technology — a sort of next-generation middleware that combines standards-based transactional messaging, XML transformation and rules-based routing — the question is, would it be more efficient to do


More than half — 63% — said they would drop maintenance immediately, or if Oracle stops enhancing the product, or if third-party support was available for half the prices of their current maintenance charges.

Lower-rate maintenance could be available from vendors such as TomorrowNow, which built its business by providing services for PeopleSoft applications. TomorrowNow says its clients save up to 50% off annual maintenance and support fees.

The trade-off in going with an alternative source for maintenance such as TomorrowNow is that a company gives up getting its vendor’s product enhancements but gains significantly reduced costs.

Increasingly these vendors are getting a second look from ERP customers — particularly if those customers don’t plan to upgrade their ERP software, analysts say. More companies will move to third-party support for their ERP applications if they are content with current features and see
See  PeopleSoft,  page  28 


that  in  hardware. 

“I think we can start to see more hardware appliances getting into the game of doing things that fundamentally used to be done in software, such as message queuing, [QoS], guaranteed reliability and even transactions,” Schmelzer says.

Earlier  this  year,  Sarvega  unveiled  its 
Context  Router,  an  appliance  that  works  at 
Layer  7,  and  companies  such  as  Digital 
Evolution,  with  its  Service  Manager,  include 
routing  features  in  software  that  installs  on 
standard  servers. 

Forum Sentry 4.1 supports asynchronous messaging through integration with Tibco Rendezvous, JMS, IBM WebSphere MQ and emerging Web services protocols such as WS-Addressing, WS-Eventing and WS-Notification.

“The first thing for us is to support traditional message queuing from a transport perspective,” says Walid Negm, vice president of product marketing for Forum Systems, adding that the company supports those over a service-oriented architecture.

Sentry  Web  Services  Security  Gateway 
4.1  and  costs  $50,000  for  appliance  and 
$20,000  for  the  software.  ■ 


message  queuing  support 




Application  Services 


Quality  of  threats  rather  than  quality  of  software 


Microsoft seems to have changed tactics. Once upon a time the company was proud of its software and tried to sell it on the basis of what it could do. But the tactic of “selling the steak” (as the advertising biz puts it) or even “selling the sizzle” (which you do if you don’t have steak) seems to be getting pushed to the background.


■  BY  JUAN  CARLOS  PEREZ 

Google, which implemented an internal Weblog system behind its firewall about 18 months ago, has seen tremendous benefits from it and might in the future consider providing blogging tools and expertise to interested corporate clients, a Google executive said.

Google deployed an internal blog for its employees shortly after acquiring the blogging service Blogger in early 2003, and since then Google staffers have found many useful and creative ways for using the internal blog, says Jason Goldman, Blogger product manager at Google.

“Since then, we have seen a lot of different uses of blogs within the firewall: people keeping track of meeting notes, sharing diagnostics information, sharing snippets of code, as well as more personal uses, like letting co-workers know what they’re thinking about and what they’re up to,” Goldman says. “It really helps grow the intranet and the internal base of documents.”

Google executives have talked in the past about the company’s internal Blogger implementation, called Blogger in Google. Asked if Google would be open to providing software and consulting to companies interested in deploying an internal Blogger version, Goldman was non-committal but didn’t close the door on the possibility. “Sure, it may. If the right business relationship existed, that could be a great opportunity. But it’s not something we have specific plans around right now,” he says.

It’s unlikely that Google will develop a version of Blogger that would compete head-to-head against enterprise document management products, but it’s very possible Google will give Blogger some features to make it more attractive for business use, says Allen Weiner, a Gartner analyst.


Microsoft seems to have switched to a protection-racket approach. This shift has been happening for a while now. The company has warned users that the intellectual property rights picture with open source software is fuzzy. Now it has moved past merely issuing warnings to issuing implied threats.

On Nov. 18, Microsoft CEO Steve Ballmer said at the Microsoft-sponsored Asian Government Leaders Forum in Singapore that governments using Linux will get sued. He pointed out that a report last summer said Linux violates more than 228 patents.
(Detail: The  report  he  cited  actually  claims 
283  patents.  See  www.nwfusion.com,  Doc- 


Ultimately, vendors will approach the emerging enterprise blogging market from two angles, Weiner says. First, there will be the enterprise document management vendors and the enterprise publishing software vendors tweaking their industrial-strength products to support blogging features. These companies will cater to organizations that need security, rich functionality and IT control. Second, there will be more-lightweight products such as Blogger, which will suit organizations that approach blogging from a more casual perspective.

What  is  undeniable  is  that  businesses 


■  BY  JUAN  CARLOS  PEREZ 

The increasingly competitive Web-based e-mail market has a new player: Instant-messaging provider ICQ now offers a fee-based service that includes 2G bytes of storage, a calendar feature, task manager, notepad, wireless access and support for both POP3 and Internet Message Access Protocol.

The service also includes spam filtering and blocking, protection against viruses and a 20M-byte ceiling on files sent or received. The service offers a feature that translates messages into seven languages, the ability to compress large attachments and Wireless Access Protocol support for access from a mobile device. The features in this service make it a competitor to services from other providers, such as Yahoo, Microsoft and Google, whose Gmail Web-based e-mail is in beta.

The ICQ Web-based e-mail service has features available for additional fees. One extra-cost feature lets users send e-mails to wireless devices that support Short Message
Service.  Another  one  is  a  video  e-mail  ser- 


Finder:  4833.) 

Ballmer  didn’t  say  that  Microsoft  was 
going  to  sue  users,  but  the  threat  was  clear 
—  if  the  governments  did  not  stick  to 
Windows  software  someone  would  come 
by  to  break  their  legal  kneecaps.  Maybe 
Ballmer  was  thinking  The  SCO  Group 
would  be  the  enforcer.  Microsoft  has 
helped  bankroll  SCO’s  wacko  multi-billion 
dollar  demand  for  IBM  to  rescue  SCO  from 
having  to  rely  on  sales  of  its  own  software. 
The  tea  leaves  don’t  look  all  that  good  for 
this  effort. 

If  SCO  is  successful,  it  will  try  to  collect 
hundreds  of  dollars  per  Linux  system  even 
though,  by  the  company’s  own  admission, 


increasingly are interested in blogs as business communication tools, particularly among IT departments. “The mandate of IT organizations today is to do more with less, so the better they can communicate and share things, the more efficient their operations will be,” Weiner says. “There’s a huge benefit in blogging for companies implementing IT projects. It’s going to be a growing trend over the next couple of years.”

Perez  is  a  correspondent  with  the  IDG 
News  Service. 


vice that subscribers can use if they have Webcams attached to their PCs; the Web-based e-mail interface has VCR-like controls to record the message, which recipients in turn can play back without additional software on Windows-based PCs.

Meanwhile, ICQ also said its free Web-based e-mail service, which used to be a generic and bare-bones offering, has undergone a significant revamping. It now features enhanced message-search features, virus and spam protection, more ways to manage in-box messages, such as a new folder for drafts and a sent-mail confirmation feature. However, in-box storage for the free 6M-byte service is low compared with other providers.

ICQ, owned by AOL, is set to sell the service for $20 per year. ICQ is partnering with Mail2World to provide these Web-based e-mail services. ICQ signed up Mail2World several months ago, says Ronen Arad, ICQ director of product management.

Perez  is  a  correspondent  with  the  IDG 
News  Service. 


SCO code (if there is any) would be a minute percentage of the overall system. I guess Microsoft would consider that a positive development and easier than improving its software to actually compete with Linux. Because Microsoft has buckets of numbers that purport to show that the total cost of ownership for Linux is higher than that for Windows, the only reason anyone in their right (Microsoft) mind would choose Linux is that they thought it was better.

Microsoft is far from immune to patent-infringement lawsuits. According to published reports, Microsoft already is fighting more than 30 patent suits. In the last year or two, it has paid out more than $1 billion to settle a subset of the claims. Maybe there is an anti-Microsoft clone of SCO that will decide to sue Microsoft customers over its use of Microsoft software. In this day and age, it doesn’t take much imagination to foresee that type of thing.

Microsoft recently had to extend its indemnification program to most customers to mitigate this risk (DocFinder: 4834). People could still get sued and disrupted, as some companies were when SCO was trying to raise the pressure on IBM, but Microsoft has agreed to pay some of the expenses if its customers get sued.

In  any  case,  it’s  very  sad  to  see  Microsoft 
decide,  along  with  most  of  the  political 
advertisers  whose  work  I  saw  over  the  past 
year,  that  defining  your  opponent  as  a 
threat  is  more  effective  than  actually  saying 
what  you  have  or  stand  for. 

Disclaimer:  As  far  as  I  know,  Harvard  only 
does  “come-hither”  ads  and  not  “escape 
from  them”  ads.  Maybe  that’s  because  there 
are  good  reasons  to  come  hither.  In  any 
case,  the  above  is  my  opinion. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


PeopleSoft 

continued  from  page  25 

no indication that the ERP vendor is investing in enhancements of value to them, says Bill Swanton, vice president of research at AMR.

“The TomorrowNow-type business model of providing support and statutory patches for 50% of regular maintenance prices will, if nothing else, put price pressure on Oracle as it competes to keep the business,” Swanton wrote in a recent research brief. “Companies are only willing to pay standard support rates for a product with a long and growing life ahead of it.”

If Oracle succeeds in its bid for PeopleSoft, “it has a significant sales job to turn around perception and convince the companies surveyed that they should stick with the new owner,” Swanton wrote. “A clear plan for any product upgrades and enhancements for all three PeopleSoft product lines will be critical.” ■


Google  sees  benefits  in  corporate 
blogging,  may  retail  Blogger  service 


ICQ  joins  Web-mail  battles 



Service Providers

■ THE INTERNET ■ WIRELESS ■ REGULATORY AFFAIRS ■ CARRIER INFRASTRUCTURE DEVELOPMENTS


Vendor  eyes 
telecom  asset 
mess 

■  BY  DENISE  PAPPALARDO 

In many ways, Tim Jasinski has a job to envy. As vice president of data services at Marriott International, he enjoys the responsibility of overseeing a network that touches 3,000 hotels and sales offices in dozens of countries and works with cutting-edge technologies, such as IP VPNs.

But the job isn’t without its headaches, which include coordinating with a hodgepodge of domestic and overseas carriers and dealing with the chores associated with that, such as checking bill accuracy.

“We had spreadsheets from multiple systems,” he says. “It was difficult to see what was going on.”

In an effort to get a better handle on its telecom services, from bill checking to IP address tracking to network design, Marriott turned to a privately held software maker called Rivermine Software. The vendor is trying to make a name for itself in what it calls “enterprise telecom management” and in what analysts say is a largely unaddressed market.

Rivermine has morphed since 1989 from a consulting firm to a software maker for carriers and equipment makers to a management software provider for enterprise networks. The company ditched the name Telco Exchange in February, while grabbing $5 million in
See  Rivermine,  page  32 


■ Core router maker Axiowave Networks has cut its workforce from 156 to 25 as it seeks to add to the $120 million-plus in funding it has raised since starting up in 2000. The cuts affect the company’s sales, marketing and engineering operations. Axiowave’s XCR router is designed to bring ATM- and TDM-like service-level agreements to IP networking. The only publicly announced deployment of Axiowave gear is at PowerNet Global in Ohio.


Verizon  weighs  in  on  enterprise  nets 


Verizon, through its Enterprise Advance initiative, offers long-distance IP data and voice services to large companies. The carrier says it has landed more than 2,000 contracts since it began the effort two years ago and is continuing to invest heavily — $55 billion since 2000 — in its network and new services such as business VoIP. Enterprise Solutions Group President Eduardo Menasce recently spoke with Network World’s Jim Duffy about the market landscape and Verizon’s strategy. What follows is an edited transcript.

What  long-distance  services  do  large  enterprise  customers 
demand  most  and  why? 

Verizon ESG is seeing very strong demand for its metro optical and Ethernet services. In fact, our sales for these services have doubled in the last two years. The reason for this is enterprise customers need more bandwidth today than they did before for data-intensive applications like sharing MRI files in a hospital or a video library in a school.

Are  these  services  priority  items  for  the  Enterprise  Solutions 
Group's  2005  road  map? 

Ethernet is a key strategy for 2005. The Ethernet services market is growing at a 40%-plus [compound annual rate] driven by customer requirements for high bandwidth, cost-effective network services. Other key areas will be VoIP and our new iobi [multimedia call and message management] for Enterprise service.

Is the large enterprise services market still at the $100-billion level as Verizon cited last spring?

Eighty-eight billion. Some companies are really losing a lot of revenue — the [interexchange carriers]. We are seeing positive growth, small but positive. Close to 1%.

There's  a  tremendous  amount  of  pricing  pressure  in  the 
enterprise  market,  some  analysts  cite  a  15%  to  20%  drop  in 
telecom  service  pricing  per  year.  Is  that  why  it  has  gone  from 
$100  billion  to  $88  billion? 

I think so, yes. It is the result of [AT&T and MCI]. They have transformed what is a high-value service and started a price war. It’s suicidal. And they are having a very negative impact on the industry.

Why  are  they  doing  it? 

One went bankrupt. You have to take some steps to at least retain your customer base. They went heavily on price. The other, I don’t understand why. I was very much surprised when a new president came in and the first thing he did was say, ‘I’m not going to lose more market share. I’m going to be competitive.’ Customers pick up the phone and say, ‘I heard you say that. I need you to lower the price.’

The  market  will  come  back  at  some  point  in  time. 

I don’t think that either of the two can continue that trend. When you invest, like Verizon, 20% of your revenue in capex ... if you don’t get very high margins, you cannot fund that. You really shoot yourself in the foot.

So  how  do  you  compete? 

It’s  not  easy.  Because  we  don’t  have  the  reach  we 
don’t  go  head  on  with  AT&T  and  MCI.  I  do  not  compete 
for  the  whole  account. 

The  second  thing  is,  I  try  to  convince  my  customer 
that  there  is  a  value  here. 

The third thing is that the customers say, ‘Look at the environment: How many players do we have today? And how many will survive?’ If I am a CIO, I’m not buying a long-distance consumer voice that I can switch tomorrow to whoever. I am putting my business in the hands of a few. Some people say, ‘Verizon is coming to long-distance, is changing, investing, one of the few companies that is adding people, capex, systems, is stable. ... It’s good to give these people a try and allow them to participate in the business.’

In  the  places  that  we  have  our  own  reach,  we  are 
very  strong.  We  do  have,  compared  to  the  IXCs,  a  local 
presence. 

Do  you  ever  win  accounts  from  AT&T  and  MCI  based  on  their 
tenuous  financial  positions? 

Ninety percent of our growth comes from more business that we do with our existing accounts. What we are trying to do is gain market share within those customers. Clearly, we are gaining market share. I am growing 1% this year. MCI and AT&T are losing negative 10%, negative 12%.

Is  your  goal  to  match  AT&T  and  MCI  service-for-service  and  in 
geographic  reach? 

I don’t think so. If you really want to go all the way
through, you have to put much more money upfront.

We found a prudent approach and said, ‘Let’s build on
our strength.’ In the areas where we already have costs
under control, where we have our network deployed,
that’s where we put our investment first. When we add
the long-distance component, we become a much
stronger candidate. I can play a very good role on the
Tier 1 and Tier 2 accounts. A regional bank is a perfect
candidate for Verizon service.

Isn't your regional strength limited to your traditional 13-state
and GTE footprints?

See  Verizon,  page  32 




Service  Providers 


EYE ON THE CARRIERS

Johna Till Johnson

There's a need to illuminate the darknet

Security specialist Andreas Antonopoulos likes to talk about the
“darknet” — the shadowy network of malware applications that
operate at a layer above the traditional Internet. Encompassing
everything from peer-to-peer applications to instant messaging and
VoIP vulnerabilities and distributed denial-of-service attacks, the
darknet poses a greater threat to companies than is commonly
assumed.

At a recent conference on IP security, Carl Landwehr, program
director for the National Science Foundation's CyberTrust program,
pointed out that as of last year, CERT has ceased publishing the
number of known security incidents because there are simply too
many to count. The number of attacks skyrocketed from hundreds per
year in the 1990s to 137,529 in 2003 (the last year in which attacks
were reported).

Landwehr further noted that while a significant percentage of these
attacks are “bad guy vs. bad guy” — disgruntled hackers waging war
against each other — there’s a worrisome increase in the number of
for-profit distributed DoS attacks. Essentially what happens in this
case is that a hacker launches a distributed DoS attack against a
victim (financial services firms and online casinos are favorite
targets) and demands money to stop. This has happened with
increasing frequency over the past several months, including one
recent incident in which a large U.S. consumer bank went offline for
several hours.

The amount of peer-to-peer traffic has climbed significantly.
Depending on whose statistics you believe, anywhere from 30% to 70%
of traffic comprises peer-to-peer. While peer-to-peer is not
necessarily illegal or even inappropriate — commercial peer-to-peer
applications for purposes such as corporate data sharing are on the
rise — if unchecked, it can swamp an enterprise network. Moreover,
if the peer-to-peer application is being used for the transfer of
copyrighted content, its mere presence on a corporate network can
expose the company to legal liability.

Organizations  need  a  multi-pronged 
approach  to  address  these  threats.  Start  by 
taking  distributed  DoS  and  related  attacks 
seriously: 

• Investigate protective measures. Network providers such as AT&T
offer distributed DoS protection services that function by detecting
a distributed DoS attack in progress and using standard routing
protocols to divert traffic to network-based “scrubbers” that
eliminate most of the attack.

• Diversify your Internet connectivity. As with many security
measures, diversity is one of the best protections. Equinix offers
Equinix Direct, a service that lets customers quickly and easily
diversify their Internet connections.

• Keep track of what’s on your network. Most companies have no idea
what’s really on their network (although most think they do).
FaceTime and Akonix have both introduced tools that let IT
executives track peer-to-peer and IM vulnerabilities. FaceTime also
has introduced FaceTime Instant Response Security Team, which
includes tools and best practices to assess vulnerabilities.

• Educate yourself. There’s a lot of solid literature about darknets
and how to protect against them. A good source for background on
distributed DoS is at Washington University at www.nwfusion.com,
DocFinder: 4828.

Johnson is president and chief research officer at Nemertes
Research, an independent technology research firm. She can be
reached at johna@nemertes.com.


Verizon

continued from page 31

No. The first year of Enterprise Advance we knew exactly the
regional strength and started with the I-95 corridor. It probably
has the highest teledensity in the world.

Then we connected the dots. We started to do a little bit more in
Florida, in Dallas, in California and so on. Even prior to
Enterprise Advance we started to deploy fiber in L.A. and in
Seattle.

Once we linked these islands we started to do the same thing with
smaller islands. Then we started to do the same thing as we moved
Enterprise Advance into places that we have not been before. That’s
where we are starting to increase our reach. It has worked fairly
well. I don’t have the reach of AT&T or MCI or Sprint; but in the
places I compete, I compete fairly well.

You plan to grow from 65 points of presence this year to 100 next
year. When will your services - IP VPN, transparent LAN services -
be truly national in scope?

By the end of 2005 I will get very close to 80% national coverage.
IP VPN will probably be faster than voice because IP voice will be
introduced in the second half of next year.


Rivermine 

continued  from  page  31 

venture capital funding that it intends to use in part to
aggressively market its products for the first time. Over the past
few months, the company has stocked its top management ranks with
refugees from big-name software companies such as PeopleSoft and
Siebel Systems.

Rivermine’s software centers around its Inventory Engine, in which
customers keep track of and manage all of their telecom assets, from
data circuits to routers to PBXs. From this repository users can
create maps of their global network, specific regions or types of
circuits from all of their carriers, or they can create maps that
zero in on specific pieces of equipment.

The information in the Inventory Engine is updated regularly by the
Service Order Management application. This is where users manage
service and equipment procurement and installation. The software
also has a network design element that’s useful when users are
looking to upgrade circuits or migrating to a new technology. The
module also tracks all orders and service-level agreements.

An application called Finance Manager is used to audit telecom
bills, allocate expenses to specific departments and process
invoices.

Using information gathered in all three pieces of Rivermine’s
system, customers can run dozens of reports including average
install time for all service providers, trouble-ticket resolution
times and all circuits up for contract renewal.

“Enterprise telecom management allows users to not only see what
makes up their network, but also how much it costs and how much they
are using,” says Doug Rutherford, Rivermine’s vice president of
marketing.


The software doesn’t come cheap. A license runs from $150,000 to
$700,000, with a possible $400,000 more in implementation costs.
Marriott’s Jasinski won’t reveal how much the company spent on
Rivermine software, but says it received an ROI in six months, half
the time he had projected.

Rivermine officials say the company is on pace to double its revenue
this year from last, although they declined to give specifics. The
company says that in addition to Marriott, customers include IKON
Office Solutions and Starbucks Coffee.

Competitors include management software companies such as Aprisma
and Opticom, although neither has combined bill auditing, network
design and asset inventory in one system.

“Rivermine is one of the first products that’s trying to bring
different pieces together,” says Eric Goodness, program director at
Gartner.


Outsourcing snapshot

Eighty-five executives worldwide polled by Infonetics say they will
outsource certain IT functions more over the next three years.

What percentage of enterprise data network services do you outsource?

% of service outsourced:   Less than 10%   10-25%   25-50%   50-75%   75-100%
% of respondents:          44.7            20       14.1     7.1      14.1

What percentage of enterprise data network services will you outsource
in three years?

% of service outsourced:   Less than 10%   10-25%   25-50%   50-75%   75-100%
% of respondents:          14.3            21.4     26.2     21.4     16.7

[Bar chart: Percentage who will outsource specific types of
applications within three years. Categories: ERP, CRM, SCM, e-mail
and messaging, database management. Axis: 0 to 60. Bar values not
recoverable.]

[Chart: On a scale of 1 (low importance) to 5 (high importance),
data security was deemed most important by the largest percentage of
respondents. They also were asked to weigh availability of local
support, quality of customer service, stability of the service
provider and pricing. Only the labels "2 - 1.2%" and "4.8%" survive.]




Federated  ID  facilitates  Web  services 


HOW IT WORKS: Federated identity

Security Assertion Markup Language (SAML) can be used for a company
to provide Web services to partners and their user bases.

[Diagram: on the employer side, an employee, an application server,
an XML security gateway and an identity server; on the Acme
Insurance side, an XML security gateway and an application server.]

1. An authenticated employee requests an insurance quote from the
employer application server.

2. Employer application server issues Simple Object Access Protocol
request to Acme Insurance’s insurance quote Web service.

3. Employer’s XML security gateway talks to identity server to
obtain authentication evidence.

4. Employer’s XML security gateway inserts a SAML assertion for the
authenticated employee in the request. It also may sign or encrypt
the message for additional security.

5. Acme Insurance’s XML security gateway checks the SAML assertion
to ensure the employee is valid and then forwards the message to the
application server to send back insurance quote.


■  BY  REBECCA  XIONG 

Companies looking to make Web services available to business
partners and their respective user bases must first figure out how
to federate identity. Federated identity management refers to
managing access so that only those who have a right to use specific
services may do so.

Take for example Acme Insurance, which wants to offer quotes through
Web services to legitimate employees of multiple employer partners.
If Acme needs to create a user account for each new employee of an
employer partner, it would need to maintain a large user database at
a high cost. It’s far more efficient to have the employer basically
vouch for its employees.

There are several XML standards for federating identity across
domains: Security Assertion Markup Language (SAML), Liberty Alliance
and Web Services Federation Language (WS-Federation). They can be
used to eliminate duplicate user repositories, while letting
companies intermix standards-compliant products from different
vendors. For example, an XML-/SAML-aware gateway or proxy can be
used to both enforce access control efficiently and handle other Web
services security processing such as XML threat protection, schema
validation and message security.

SAML and Liberty Alliance are converging: SAML 2.0 is under public
review and will incorporate more advanced features from Liberty
Alliance, such as single logout and account linking.

An examination of SAML 1.1 will provide a good understanding of the
basics that can be extended to SAML 2.0/Liberty Alliance.

SAML  specifics 

SAML is a framework for exchanging XML assertions of security
information so that a user only needs to be authenticated once and
other parties can use that information. More specifically, SAML
supports:

• Authentication assertion: provides evidence of previous
authentication.

• Attribute assertion: lists a user’s attributes as requested.

• Authorization assertion: whether the user is allowed to access a
given resource.

Here’s how Acme can use SAML to manage federated identity. First,
the employee authenticates with the employer Intranet portal.
Clicking on a link on the employer’s portal triggers a Simple Object
Access Protocol (SOAP) request to Acme’s Web service for an
insurance quote. In the SOAP request, the employer inserts a SAML
authentication assertion stating that the employee has been
authenticated by the employer identity server, where the employer
stores employee IDs. Acme then can check the SAML assertion in the
request to ensure that the employee identity is valid, and returns
the requested quote to the employer for formatting and display on
the Intranet portal.

Different employees might be eligible for different discounts on
insurance policies based on their position and years of seniority
with the employer. The employer can insert SAML attribute assertions
on relevant attributes for each employee. Acme then, based on
different attributes, can quote a different price.

How can Acme ensure the employee did not fake a SAML assertion
claiming authentication by the employer? While not a requirement,
SAML provides guidelines on signing the message to provide message
integrity, authenticity and non-repudiation. In our example, the
employer can sign the message and Acme then can verify the signature
before allowing a message through. Parts of the message containing
sensitive information, such as the employee’s Social Security
number, also can be encrypted.
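
The checks Acme's gateway applies to an incoming request, as an added example that is not part of the original article or any vendor's code: it parses a SOAP message carrying a SAML 1.1 assertion and enforces the issuer, validity-window, authentication and attribute handling described above. The issuer URL, subject, attribute names and sample message are constructed, and the message's XML signature is assumed to have been verified beforehand with an XML-DSig library.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",  # SAML 1.0/1.1 assertion namespace
}


class AssertionRejected(Exception):
    """Raised when the partner request must not reach the application server."""


def parse_instant(value):
    # SAML instants are UTC xs:dateTime values, e.g. 2004-11-29T15:00:00Z.
    parsed = dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=dt.timezone.utc)


def check_request(envelope_xml, trusted_issuers, now, skew=dt.timedelta(seconds=60)):
    """Return the employee's identity and attributes, or raise AssertionRejected.

    Assumption: the XML signature over the message has already been verified
    with an XML-DSig library; nothing here proves who produced the assertion.
    """
    # XML threat protection: partner messages have no need for a DTD.
    if "<!DOCTYPE" in envelope_xml or "<!ENTITY" in envelope_xml:
        raise AssertionRejected("DTD or entity declaration present")
    try:
        root = ET.fromstring(envelope_xml)
    except ET.ParseError as exc:
        raise AssertionRejected(f"malformed XML: {exc}") from exc

    found = root.findall("soap:Header/wsse:Security/saml:Assertion", NS)
    if len(found) != 1:
        raise AssertionRejected("expected exactly one assertion in the security header")
    assertion = found[0]

    if (assertion.get("MajorVersion"), assertion.get("MinorVersion")) != ("1", "1"):
        raise AssertionRejected("not a SAML 1.1 assertion")
    issuer = assertion.get("Issuer")
    if issuer not in trusted_issuers:
        raise AssertionRejected(f"issuer {issuer!r} is not a known employer partner")

    # The employer vouches only for a short window; enforce it with small clock skew.
    conditions = assertion.find("saml:Conditions", NS)
    try:
        not_before = parse_instant(conditions.get("NotBefore"))
        not_on_or_after = parse_instant(conditions.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError) as exc:
        raise AssertionRejected("missing or unreadable validity window") from exc
    if now + skew < not_before or now - skew >= not_on_or_after:
        raise AssertionRejected("assertion is outside its validity window")

    # Authentication assertion: evidence that the employer authenticated the user.
    name = assertion.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        raise AssertionRejected("no authenticated subject")

    # Attribute assertion: the values Acme could price a quote on.
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attributes[attr.get("AttributeName")] = (value.text or "").strip() if value is not None else ""
    return {"issuer": issuer, "subject": name.text.strip(), "attributes": attributes}


def sample_envelope(issuer, not_before, not_on_or_after):
    # Constructed sample request; the names and values are invented for the example.
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}">
 <soap:Header>
  <wsse:Security xmlns:wsse="{NS['wsse']}">
   <saml:Assertion xmlns:saml="{NS['saml']}" MajorVersion="1" MinorVersion="1"
     AssertionID="_constructed-1" Issuer="{issuer}" IssueInstant="{not_before}">
    <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>
    <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="{not_before}">
     <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
    </saml:AuthenticationStatement>
    <saml:AttributeStatement>
     <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
     <saml:Attribute AttributeName="position" AttributeNamespace="urn:example:employer">
      <saml:AttributeValue>manager</saml:AttributeValue>
     </saml:Attribute>
     <saml:Attribute AttributeName="yearsOfService" AttributeNamespace="urn:example:employer">
      <saml:AttributeValue>7</saml:AttributeValue>
     </saml:Attribute>
    </saml:AttributeStatement>
   </saml:Assertion>
  </wsse:Security>
 </soap:Header>
 <soap:Body><GetQuote xmlns="urn:example:acme:quote"/></soap:Body>
</soap:Envelope>"""
```

Call `check_request(sample_envelope(...), trusted_issuers, now)` with a timezone-aware `now`; a request from an unlisted issuer, outside its validity window or carrying a DTD raises `AssertionRejected`.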

If the employee wants to subsequently buy insurance from Acme, the
employer might have rules for letting some employees do so over the
Web, while others must submit written forms to human resources. Acme
can make a SAML authorization query back to the employee’s SAML
server and ask if the request should be honored.

Federated identity management technologies such as SAML can open a
Web service to business partners and their authorized users while
securely controlling access.

Xiong is product marketing manager for DataPower. She can be reached
at rxiong@datapower.com.


Dr.  Internet 


by  Steve  Blass 


We keep getting e-mail attachments in winmail.dat files and can't
open them. What's going on? Is there a utility that can extract the
attachments from these?

When Outlook or Outlook Express users send e-mail composed using
Rich Text Format, the attachments often get transmitted in
winmail.dat form, which contains the material in ms-tnef format.
Many other mail clients cannot unpack these. Often, Outlook Express
can't open them either. The Microsoft Knowledge Base answer is to
have the sender re-send the e-mail in plain text format.

There are tools that can retrieve your documents from the
winmail.dat file. A Web-based extractor (www.nwfusion.com,
DocFinder: 4829) lets you upload the winmail.dat attachment and have
the extracted file returned. You also can download the software the
service uses under the general public license. A desktop utility
called tnefclean is available at DocFinder: 4830. Another utility,
WMParser, is free at DocFinder: 4831. For Linux systems, the Debian
version can be installed with the command "apt-get install tnef." A
Web search on "tnef" or "winmail.dat" will provide other extraction
tools.

Blass is a network architect at Change@Work in Houston. He can be
reached at dr.internet@changeatwork.com.



GEARHEAD
INSIDE THE NETWORK MACHINE

Mark Gibbs

Clearing our desk

This week as we try to get back to reality after a few days off and
a diet of cold turkey, we’re trying to catch up with a few review
items.

The first is a utility from Globesoft called MultiNetwork Manager
(MNM) (see www.nwfusion.com, DocFinder: 4825) that sort of solves a
problem we recently wrote about. The problem was trying to configure
Windows XP for multihoming. We wanted to have a DHCP assigned
address and a static address on the same interface, and the only
solution we found was a nasty piece of registry work.

As an aside, some of you wrote in to say we had delivered just the
solution you needed while a couple of you said the problem could be
solved through regular Windows configuration tools. These latter
readers were mistaking the alternate IP address facility as support
for multihoming. There really is no way to do multihoming without
registry hacking.

Globesoft got in touch after that piece and sent us MNM to test.
While MNM doesn’t support multihoming, it makes switching between
various configurations so easy that it’s a workable alternative.

MNM lets you define profiles that specify all the attributes of
networking you might want to change. For each profile you create you
can select which network card(s) should be enabled and whether they
should use static or DHCP addresses, which drives and printers
should be connected and which shares should be enabled, which
applications to run on connection, which workgroups and domains
should be selected, and so on — pretty much all the things you could
hope to define.

In operation, MNM is presented as a box on the Windows logon screen
so you can select a profile before accessing anything. After logon,
MNM becomes an icon in the system tray. In both cases, selecting a
profile switches network configuration in a few seconds.

MNM also can enable or disable the Windows firewall, perform
autodiscovery to scope out the network configuration, save that data
as a profile and track when you use each profile in an XML formatted
log.

While MNM doesn’t address multihoming, it lets us have
configurations for wireless only in the office, wired only in the
office, everything in the office and a minimalist configuration for
when we travel.

This is an incredibly useful tool and at $36 per seat it is a great
investment for power users.

A product many of you will feel an immediate need to buy is a
T-shirt printed by ThinkGeek (DocFinder: 4826) that simply reads,
“No, I will not fix your computer.” Perfect apparel to wear around
relatives and neighbors.

Another item of clothing we must mention comes from Syswear. This
T-shirt (DocFinder: 4827) shows a picture of a twig and underneath
it the slogan, “You must be as smart as this stick to use the
Internet.”

As we burn off our Thanksgiving indulgences we also wanted to
mention a few books we’ve taken a look at. The first is suitable to
hand out while wearing your ThinkGeek T-shirt; it is Home
Networkings Visual Do-It-Yourself Guide. Written by Brian Underdahl,
it does a fine job of covering all the components and technology
your relatives and friends need to get a clue. While it won’t make
them experts, it will at least get them thinking in a way where they
will understand what you’re talking about and be better able to
explain their problems.

Our next book is definitely to be kept close at hand if you’re not a
Linux wizard — The Linux Cookbook, 2nd Edition by Michael Stutz.
This book is a collection of “recipes” for getting things done under
Linux.

Can’t remember how to get information about an X Window? Page 107,
recipe 4.3.6 reminds you that the tool you need is xwininfo. Forgot
how to write a regular expression to match a Social Security number?
You’ll find the answer (“[0-9]{3}-?[0-9]{2}-?[0-9]{4}”) on page 343.
If you are working seriously with Linux, here are 737 pages you
need.

If you are a Linux wizard or want to become one, you’ll need Linux
Kernel Development by Robert Love. It starts with a brief but useful
introduction to operating systems and kernels and then goes on to
break down the architecture of Linux very clearly. It also has an
attribute we love: It gets to the point quickly, making the
reasonable assumption that the reader has a clue. We wish more books
were written like that.

Well, after all that we’re feeling a little “snackish.” Wonder if
there’s any turkey left?

Dining suggestions to gearhead@gibbs.com.


Quick  takes 
on  high-tech  toys 

By Keith Shaw


The scoop: Sprint/Sanyo Multimedia Phone MM-7400, about $200 (after
rebates, plus service plans).

What it does: The MM-7400 is a classy little cell phone that
includes the latest technologies, including a video camcorder and
digital camera that lets you take 15-second video clips or still
photos and send them to other phone users or e-mail addresses. The
clamshell-style phone includes a large, brightly lit color screen
(65,000-plus colors) and a smaller external color screen. Other
features include speakerphone, a walkie-talkie feature (through
Sprint’s ReadyLink service), and changeable faceplates.

Why it’s cool: Unique to this phone is the inclusion of a Media
Player that offers on-demand video programming over the Sprint PCS
wireless network (Code Division Multiple Access 1x). Powered by
MobiTV, the service lets users download programming to the phone
(for a monthly subscription fee per channel chosen). Users then can
“watch TV” on their cell phone, albeit on a tiny screen at clunky
frame rates, up to 15 frames per second. Content available when we
tested included programs such as CNN News updates, Weather Channel
forecasts, E! Entertainment News and Fox Sports updates, to name a
few. The subscriptions for the video content seem high for
consumer-marketed content, but users who need on-demand content
might be willing to pay for the extra service.

[Caption: The MM-7400 lets you wirelessly download video content on
demand.]

We were also impressed with the video camera and digital still
camera functions — the technology has improved greatly since the
last time we checked out camera phones. While initially we couldn’t
save the photos to the phone (it will be great when we can save
videos and photos directly to a memory card), we could upload them
easily to a Sprint Web site or send to an e-mail address. When we
got the e-mail from Sprint, we downloaded the photos or videos to
our PC. The system promises up to 3.5 hours of battery life talk
time and up to 12 days in standby mode, but we had to recharge the
phone after only a few days in standby mode (although we did use the
phone a lot to take photos and videos).

Grade:  ★★★★  (out  of  five) 

The scoop: P910i, by Sony Ericsson, about $800.

What it does: The P910i is the ultimate mobile device for the busy executive. There are so many features on the P910i smart phone that you might spend a few days just figuring out everything you can do with the device. At the core is a cell phone (GSM/General Packet Radio Service), but the P910i also includes PDA functionality (calendar, contacts, notes), a digital camera/video camera, digital audio player, messaging center (e-mail, text messaging, multimedia messaging), Internet browser and lots of other applications aimed at mobile professionals (such as a PDF reader, world time locator and currency converter).

The phone keypad flips open to reveal a larger color screen and a small keypad for typing text messages. You also can use a stylus and the touch screen for input, or use the scroll wheel on the side of the P910i for one-handed operation. A Memory Stick Duo slot is available for file storage, handy if you want to listen to a lot of music files.

[Caption: The number of applications on the P910i made this more than just a cell phone or a PDA.]

Why it’s cool: The vast number of applications available on the P910i make this more than just a cell phone, and more than just a PDA. The applications were all easy to learn, and the integration between some of the phone applications and the PDA applications impressed us. For example, it was very easy to find a contact and then immediately dial that person. The camera function lets you take a photo of your contact and then attach the picture to the contact entry.

We  also  thought  it  was 
very  cool  to  take  a  regular  MP3  file, 
transfer  that  to  our  phone  and  then  use  it  as  a 
ring  tone.  Transferring  files  from  the  PC  to  the  phone  is 
made  simple  through  a  synchronization  program  and 
desktop  cradle  that  also  can  recharge  the  device. 

The only downside we discovered was the flip-up keypad had keys that were very tiny, making two-handed typing very difficult. Other than that, we couldn’t find much wrong with this very smart device.

Grade:  ★★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 




ON  TECHNOLOGY 

Cara  Garretson 

Talk  among 
yourselves 




We all know how helpful it can be to discuss a problem with someone. Be it through support networks, industry associations, group therapy, whatever, burdens often become lighter when we share them with others who can offer advice, information, or even just an ear.

Yet when it comes to cybercrime, a problem that’s bound to get worse before it gets better, companies clam up. As detailed in the first story (“The story behind the stats,” page 42) in our “Profiling Cybercrime” special section, few companies report cybercrime to law-enforcement officials. It’s understandable why companies don’t issue press releases that scream “Network infiltrated, thousands of consumers’ credit card information revealed!” We all know that can lead to fleeing customers, crashing stock prices, maybe even dismissals.

Yet according to law-enforcement officials, including the FBI’s Computer Intrusion Section chief (see “Serious business,” page 52), there’s little hope of cracking down on these criminals without more information about them. Unfortunately, it’s up to the victims to stick their necks out and come forward, much like Authorize.net did with its recent distributed denial-of-service attack as told in the story “Victim’s rights” on page 54.

But there’s another way to help stem cybercrime: Talk among yourselves. If companies begin sharing information with others in their industry about cybercrime attacks, they might be able to help prevent future attacks. By sharing information, patterns can be detected so that networks can be reinforced accordingly and criminals lose the element of surprise. Companies could share ideas about security technology, procedures and policies that work, and more importantly, ones that don’t.

The formation of tightly knit, trusted groups that share cybercrime and security information in a variety of industries also could help law-enforcement officials in their quest to profile perpetrators, assuming a communications mechanism could be established to feed authorities information about attacks without revealing the victims.

Maybe this is something you do already; you bump into a competitor at an industry event and commiserate about the stresses of your job. Or maybe the idea of sharing sensitive information about your network’s vulnerability with a rival sounds like heresy.

But  history  shows  industries  that  share  information 
about  common  threats  often  benefit  from  it.  It  has 
worked  for  the  banking  industry,  for  ISPs,  and  it  can 
work  for  you,  too. 

—  Cara  Garretson 
Senior  editor 
cgarretson@nww.com




By  a  whisker 

Regarding the story “Testing your mettle: Zinc whiskers in the data center” (www.nwfusion.com, DocFinder: 4822): All data center managers should be aware of this issue. I found it interesting that the old mainframe-centric data centers were basically dismissed as having issues with zinc whiskers. I met data center consultant Bob Sullivan, who is quoted in your story, when my previous employer’s data center (35,000 square feet and state of the art) started experiencing a significant number of disk drive problems. The circuit boards had gotten small enough that the whiskers would short across them and cause problems. Finally, IBM flew “Dr. Bob” in to look at our setup. He diagnosed the problem in about 5 minutes. Then we spent many months replacing all floor tiles while decontaminating the entire room and airflow system.

Jon  Steele 
Midland,  Mich. 

Congratulations on your well-written story on zinc whiskers. Environmental factors other than temperature and humidity are often overlooked. I investigated the deterioration of beryllium copper fingerstock used in mainframe cabinet doors some years ago. A variant of this material is used in many sockets in server motherboards today. The problem was traced to ammonia in cleaning supplies maintenance people were using to clean the floors. Data center managers also should take care not to wax conductive tile floors lest they destroy the anti-static properties for which they paid dearly. Drywall dust from construction projects is a particularly fine and abrasive contaminant that can affect tape drives and libraries.

Michael Frost
President
Michael T. Frost Associates
Chicago

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 118 Turnpike Road, Southborough, MA 01772. Please include phone number and address for verification.

Pursuing  other  options 

In his Gearhead column “Eccentricities of Windows networking” (DocFinder: 4823), Mark Gibbs asks, “[I]s Windows XP’s TCP/IP implementation as pathetic as we suspect it is?” Gibbs just noticed? Since DOS 2.0, I have found other operating systems to be far better at handling and configuring their network interfaces. As I’ve whined for years, Microsoft knows and/or cares very little about how the PC deals with the outside world. It appears that Windows is there only to sell Office, which really needs to communicate only with a printer.

Networking? NETBIOS; ’nuff said. Internet access? Late into the pool with a browser that’s still the mother of all exploits. IPConfig? Back to a DOS box in Windows 2000 from an application with a GUI in Windows 98. These are some of the many reasons I now run Linux on notebook and desktop.

William Flanagan
President
Flanagan Consulting
Sterling, Va.

Stop  spam  at  the  source 

While  the  story  “E-mail  at  a  crossroads”  (DocFinder: 
4824)  makes  some  valid  and  important  points,  it  still 
leaves  me  wondering  whether  we  are  looking  to 
control  spam  from  the  wrong  area.  If  spammers  are 
being  paid  to  send  these  e-mails  out,  why  are  we  not 
looking  to  stop  the  companies  that  are  paying  them? 
This  would  quash  the  problem  from  the  source. 

Kevin  Geary 
Exchange  administrator 
dbSoft 
Rochelle  Park,  N.J. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  4821 




DEMO  INSIGHTS 

Chris  Shipley 


Living  the  digital  life,  today 


Faster than anyone really expected, we have become fully immersed in a digital lifestyle. We would sooner leave our homes without our wallets than without our cell phones. TiVo has changed the way we watch television. Our music buying and listening habits have been completely altered by iTunes and the like. E-mail reaches us no matter where we travel. More and more homes are outfitted not only with broadband connections but also with wireless networks. We have become always-on, always-connected people.

Yet as consumers of this technology we’re swept up in a tsunami of change. Business technology companies such as Dell and HP are pushing into consumer electronics. Consumer technology companies such as Sony have become firmly established in the PC business. New companies such as Akimbo, Sonos and Roku have stepped into the middle.

As old brands re-invent themselves to compete in the converging consumer electronics and computing markets, and new brands work to establish themselves as innovation leaders, there’s little that is certain as this new market seeks its definition. Will products be computer-centric programmable platforms? Or will computational power and electronics be hidden behind slick designs and minimalist user interfaces? Can technology solve vexing digital rights issues, or will old business models trump consumer choice and flexibility? Will IP networks usurp carriers as the delivery platform for voice, video and data?

The digital life is pieced together from many parts, which we’re attempting to assemble in a special Living Digital showcase at Demo@15!, the 15th anniversary of the Demo Conference, to be held Feb. 13-15 in Scottsdale, Ariz. Here’s what we think belongs in the digital home:

Broadband Internet: Internet connectivity that delivers the best throughput and value.

Home networking: a wireless network that delivers reliable, manageable broadband throughout the home.

Digital media consumption: the display, controllers, audio systems and other components that let us manage and enjoy digital entertainment.

Digital media creation: a complete workshop for home photography, video, and music creation and sharing.

Home office: technology that lets us work from home as easily as at the office.

Home control and automation: state-of-the-art technologies that manage and secure the home.

Integrated communications: balancing the value of VoIP solutions with the familiarity of traditional phone systems, e-mail and voice messaging.

You can experience this digital lifestyle for yourself at Demo@15! And if you can’t join us in person, tour the Living Digital showcase online. For more information, go to www.demo.com/demo2/.

Shipley is executive producer of The Demo Conferences, a Network World-owned event that showcases emerging technology products and services, and a veteran technology watcher. She can be reached at chris@demo.com.




YANKEE INGENUITY

Howard Anderson

Lassie, come home

I frankly don’t have much use for cell phones that can send pictures or video. And it will be a cold day in hell before you’ll catch me playing a video game on one. But there’s one cell phone application I would dearly love that Verizon is about to launch.

The two of you who still believe in convergence will tell me that you’ll watch video on demand and first-run movies while sending streaming video and e-mails via your BlackBerry or Motorola 6620. The real issue isn’t whether it’s technically possible to do all of these neat telephony Swiss-Army-knife applications. I can make my cell phone into a Palm Pilot, get iPod music on it, make it into a computer or even a walk-about TiVo. So what? It won’t do any of these things well and will become a kludgy artifact that will stay at the bottom of my desk drawer like all the other cell phone orphans residing in that electronic graveyard.

But finally, finally, Verizon is about to launch a service that leverages what cell phones do best: provide mobility. Location services are fine ... as long as you aren’t mobile. But wouldn’t you like to know exactly where your kid/spouse/dog/car is while you yourself are moving? I would.

Imagine a service for $10 per month that would have five or six of these “points” hard-wired into your cell phone. Touch an icon and it would show you exactly where Thing No. 1 is ... as long as he/she/it had a cell phone or a $90 geo-positioning tag. Then your phone would tell you exactly how to get to that person or thing from where you were.

I paid about $1,000 for LoJack for my car ... it’s been five years and I have never used it. But I have lost my car in countless parking garages. Yes, I would like a system that would tell me to go 200 yards, turn right and there’s my car.

What’s in this for Verizon? For one thing, it’s a “sticky” application that will reduce churn. Churn is the percentage of customers who tell a company to take a hike during the year. If 2% of Verizon’s cellular customers switch to another carrier each month, Verizon loses about 21.5% each year. It’s hard to recapture those lost customers. What do you think it costs for a cellular carrier to add a new client? Take all their advertising and divide by the number of new customers. The real number is north of $400. That means for the first full year, the carrier makes no profit on that new customer. Now assume that the customer leaves — and add onto that number portability. There used to be very real pain in moving from one carrier to another, but today that pain is gone.

But  if  the  carrier  can  add  a  service  for  $10  per  month  that  increases 
the  number  of  minutes  a  customer  uses  and  decreases  his  likelihood 
of  churning,  then  this  is  a  service  that  is  fully  worthy  of  millions  of 
dollars  of  advertising  and  having  the  voice  of  James  Earl  Jones  doing 
his  God  imitation. 

The trick to this marvelous technology comes out of the military. How do you get a moving tank to hit another moving vehicle? By using some very sophisticated algorithms for which you, Mr. and Mrs. Taxpayer, already have coughed up considerable dollars. What Verizon is doing is less cell technology than it is using the cell phone as a display tool.

I want it. I want to know where my wife is and whether she can pick up Kid No. 2. I want to know where Lassie is right now. And I want to activate Lassie’s cell phone and tell her if she doesn’t come home right now (“and I mean now!”) I will give away her dinner to that Rottweiler that lives down the street.

Anderson is senior managing partner of YankeeTek Ventures, a Cambridge, Mass., venture capital fund for early-stage technology companies. He also is founder of The Yankee Group and the William Porter Distinguished Lecturer at the Massachusetts Institute of Technology. He can be reached at handerson@yankeetek.com.



Network threats and defense strategies | 11.29.04

Marcus Rogers seeks answers about what motivates cybercriminals.

The battle against cyberterror
The race is on to harden critical infrastructure before cyberterrorists gain enough skills to launch attacks, according to cyberterror expert Eric Byres.

Is the law's arm long enough?
Even though Congress continues to propose laws to defeat spyware and spammers, it seems law enforcement's hands are still essentially tied.

Serious business
The FBI’s Dave Thomas says today’s cybercrook is all about the bottom line.

Victim's rights: Cybercrime retaliation
How to react when you have been hit by a cyberattack.

The story behind the stats

By Cara Garretson and Jim Duffy

The outlook on cybercrime is good. Cyberattacks are down, companies are losing less money, network executives are more confident than ever about the safeguards they have in place, and companies are ramping up auditing to stay ahead.

Those are some of the conclusions reached in a Network World survey and in the annual survey by the Computer Security Institute (CSI) and the FBI’s Computer Intrusion Squad.

But not all of the news is reassuring.

Confidence in network security is indeed higher than it was three years ago, but still not what you would call high. And more and more crime goes unreported.

However, it is hard to misinterpret the basic message of the latest CSI/FBI findings — the number of successful attacks on computer systems has been in decline since 2000, with only 53% of respondents to the eighth annual CSI/FBI survey saying they experienced unauthorized use of computer systems. This is compared with 70% in 2000.

Another encouraging sign: The percentage of companies that experienced only one to five computer security incidents in the previous year grew from 33% in 2000 to 47% in this survey.

Perhaps most importantly, the CSI/FBI study shows total losses falling 30% from $202 million last year to $142 million in the 2004 study.

Network World’s own research roughly validates that finding. The 263 companies surveyed in September estimated they had a collective annual loss of $178 million. The larger the company, the greater the losses. The 118 companies with less than 500 employees together lost $16 million, while the companies with 500 or more employees lost $162 million.

Both the Network World and the CSI/FBI studies show that the greatest financial losses stem from everyday threats such as viruses and worms.

While companies feel better today about their ability to fend off everyday threats (see graphic), the percentage of Network World respondents who said they were confident or very confident in their security measures still only ranked in the 65% range. The inverse: Some 35% still feel vulnerable.

Even more — 45% or so — still feel vulnerable to the different forms of targeted threats, such as theft of company data or customer information.

[Graphic: By the numbers. A survey of 280 Network World readers.]

[Chart: Confidence. Confidence in defenses used to fend off everyday threats such as viruses and worms and targeted threats such as theft of company/customer information is higher today than three years ago ... Panel: percentage of respondents regarding network’s ability to fend off everyday threats and targeted threats (A lot more confidence, A little more confidence, Same amount, A little less confidence, A lot less). ... But still relatively low for everyday threats ... Panel: percentage who are confident or very confident (Viruses, Worms, DDoS, Web def.). ... And even lower for targeted threats. Panel: percentage who are confident or very confident (Sabotage, Theft co. data, Theft customer data, Blackmail, Cyberterrorism).]

[Chart: Types of threats. Everyday threats such as viruses and worms represent the greatest vulnerability in a monetary sense ... Panel: greatest monetary threat (Everyday threats, Targeted threats, Both the same, Not sure). ... And perhaps because of that the bulk of losses are at the lower end of the dollar scale ... Panel: losses per company, per year ($100,000 to $499,000; $500,000 to $999,000; $1M to $4.9M; $5M to $9.9M; $10M to $19.9M). ... And why external threats account for the largest percentage of money lost. Panel: losses internal vs. external (External threats 61.93%, Internal threats 38.28%).]

What you don’t see

Self-doubt can be a good thing when it comes to security, especially with crime getting more nefarious.

Cybercrime is difficult to comprehend because often there is no tangible theft, says Mark Lobel, director of security and privacy services with PricewaterhouseCoopers. Computers still are chugging away in the server room, yet criminals might have copied or altered data and used that information to commit identity theft, divulge trade secrets or expose proprietary code.

Another disturbing trend: “Not stealing data but modifying its integrity,” says John Pironti, a security consultant with Unisys. “If I can disrupt a database, I might be able to cause more hysteria than if it was just stolen. If it’s stolen you know it, but if I start changing, say, prescription data so it’s not consistent, you don’t know what is right.”

“The goal of young, inexperienced people performing cybercrime is to gain notoriety,” Lobel says. “The goal of a professional is to gain access to information, or remove or alter information in a completely undetectable manner.”

Even though losses from computer crime seem to be declining, the security community is fearful that the financial opportunities have expanded and are now so great that even organized crime is paying attention. Some say this year’s rash of phishing schemes, in which e-mail users
receive messages that appear to come from a bank or retailer asking them to divulge personal or financial information, have been orchestrated largely by organized crime groups in Russia and Eastern Europe.

“We’re seeing it from all over the world. There is no doubt that the level of sophistication and the level of knowledge is growing,” says Shelagh Sayers, a special agent in the FBI’s San Francisco bureau. “That’s quite a challenge to keep up with. If you look at the history of the Internet, it hasn’t been around that long. I just can’t imagine that [attacks are] going to do anything but increase.”

The real story?

The success of targeted crime might be a contributing factor in why more companies refuse to report computer crime.

Only 20% of the companies in the latest CSI/FBI study reported security breaches to law enforcement officials, down from 36% in 2001.

Reasons for not reporting cybercrime range from office politics and fear of depressing stock prices to management’s fear of admitting mistakes and a lack of resources.

“We thwart thousands of attacks every day,” says one respondent in the Network World survey. “We don’t have the resources to report them. Our job is to keep the network running, not litigate infractions of the law.”

Companies that report attacks are “the very, very, very tip of the iceberg,” Sayers says. “There are entire sectors of the economy that are not reporting, and I’m quite sure they are targets.”

The FBI says the reluctance to report crimes makes it difficult to enforce the laws, much less prosecute perpetrators. “Laws only work when they’re enforced, and the only way we can enforce laws is when we have the information we can act on,” Sayers says. “If a company is victimized and they don’t report it, we don’t get to track down that intruder or that person who did damage to their system.”

But the Network World survey shows most companies have the desire to report crime but lack the knowledge about where and how and don’t have faith in the adequacies of the laws (see related story, page 50).

More than 75% of the respondents say they are likely or very likely to report computer crimes, but when given the option to comment on the statement, “I am familiar with the legal resources at my disposal for computer/network crime,” only 34% said they agreed or agreed strongly. And when asked if the legal system is adequately structured to ease the reporting of computer/network crime, only 10% agreed or agreed strongly. This points to a larger, longer-term issue the industry will have to resolve with the legal establishment.

After all, the fact that a large amount of crime goes unreported could be skewing study results like those from the CSI/FBI that suggest crime is on the wane.

Add that to the fact that some companies don’t even know that they have been victimized and the picture looks even less pretty. “We cannot accurately quantify [cybercrime] because if the crime has been successful, often no one knows about it,” Lobel says.

[Chart: Law. Companies are prepared to report computer/network crime ... Panel: Report crime you discover? (Very likely 48.1%, Likely 28.5%, Somewhat likely 12.2%, Depends on the crime 5.6%, Not likely 4.8%). ... But they aren't familiar enough with the laws and how to report crime, nor do they believe the laws are adequate. Panel: Laws for computer/network crime, % of respondents who agree or strongly agree (Familiar with legal resources; System is adequately structured to ease reporting; Laws are enforceable; Laws are adequate; Consequences are adequate).]

[Chart: Auditing. Even though companies are conducting more security audits ... They still aren't doing that many ... But plan to do more in the next 12 months ... Panels: Number of audits per year vs. three years ago; Number of audits you conduct per year?; Compared with the number of audits you do today, plans for next 12 months; How will you conduct the increased number of audits?]


Fighting  back 

Knowledge is key to fighting computer crime, and one of the key tools in
knowing how vulnerable you are to attack is the security audit.

The good news revealed by the Network World survey is that companies are
doing more audits than they were three years ago (see graphic, above), but
that is tempered by the fact that companies still aren’t doing many. Sixty
percent of the respondents are doing two or fewer security audits per year,
with the bulk doing only one.

While 44% of the respondents said they would conduct more audits in the next
12 months compared with what they do today, another 42% said they are
content with their current practice.

The CSI/FBI survey went into greater detail about what technologies
companies are using to fight back. Firewalls and antivirus tools are almost
universally adopted, while 71% of the respondents said they have
server-based access control lists, 68% said they use intrusion-detection
systems, 45% use intrusion-prevention systems, 35% use smart cards or other
one-time password tokens, 30% use public-key infrastructure, and only 11%
use biometrics.


[Graphic: survey responses. More: 44%. Not sure: 4.3%. Use more internal
tools and professional services: 36.8%.]


While all this purchasing adds up, experts say companies still aren’t
spending enough on security. The CSI/FBI survey found that 24% of
respondents spent only 1% to 2% of their IT budget on security, and 16%
allot less than 1%.

“I suspect that we don’t spend quite enough as a percentage of IT budgets”
on security products, says CSI Editorial Director Robert Richardson. “About
half of the respondents say they’re getting somewhere between 1% and 5% of
the IT budget.”

Making  the  case  to  spend  millions  of  dollars  on 
products  that  might  protect  an  organization  from 
a  potential  attack  can  be  a  hard  sell,  says  one  CIO. 
But  it  helps  to  cite  the  alternative  —  paying  the 
price  of  suffering  an  attack. 

“When I went to [company executives] for funding for intrusion-protection
software, it was really based on it being an insurance policy against events
we’re sure are going to happen,” says Barry Libenson, CIO of Ingersoll Rand,
a diversified manufacturing firm with roughly 30,000 users. Libenson
estimates the software will cost his organization $2.5 million in 2005, but
that figure pales in comparison to what can happen if the company is
attacked. “A system outage for us costs millions of dollars an hour.”


Share  info 

In addition to putting technology in place to thwart cybercrime, experts say
companies can help themselves by helping each other. No company wants to
expose itself to the criticism or loss of competitive edge that can result
from making an attack public, but sharing information can help prevent
attacks.

In the financial industry, perhaps the biggest target for cybercrime,
finding a way to confidentially share information about security breaches
and how to prevent them could go a long way in helping these companies
protect themselves, says Sophie Louvel, a research analyst with Financial
Insights, a division of IDC. She cites banks in the 1990s that began sharing
information about fraudulent checking accounts. “That was tremendously
helpful,” she says.

While any such communication would need to remain confidential, even casual
conversations among professionals would be preferable to the tight-lipped
culture of today. “There needs to be a better way,” Louvel says.

No  one  in  the  security  community,  it  would 
seem,  is  ready  to  ease  up,  regardless  of  what  the 
studies  show  about  crime  trends.  ■ 


[Graphic: “. . . Using network tools and internal resources.” Use more
internal tools: 46.2%. Use more professional services: 12.8%.]




Network threats and defense strategies | 11.29.04


A PROMISING BUT IMMATURE SCIENCE


Some computer criminals are techie mavericks who take pleasure in writing
and releasing destructive viruses. Others are suit-wearing professionals who
steal copies of their employers’ customer databases to take with them when
they quit. Some are con artists with plans to scam personal information from
consumers and use it for financial gain.

Experts agree knowing more about the different skills, personality traits
and methods of operation of computer criminals could help the folks pursuing
these criminals. But a lack of information hinders efforts to create
substantive, reliable profiles of the people behind today’s computer crimes.

“Like in traditional crimes, it’s important to try to understand what
motivates these people to get involved in computer crimes in the first
place, how they choose their targets and what keeps them in this deviant
behavior after the first initial thrill,” says Marcus Rogers, an associate
professor at Purdue University in West Lafayette, Ind., where he heads
cyberforensics research in the university’s department of computer
technology.

Rogers’ expertise spans technology and behavioral sciences. He has
identified eight types of cybercriminals, ranging from “newbies” with
limited programming skills who rely on pre-written scripts to conduct their
attacks, to well-trained professional criminals and cyberterrorists with
state-of-the-art gear (see graphic, page 47).

In  addition  to  skill,  these  criminals  differ  in 
their  motivations.  Some  computer  criminals 
are  motivated  by  status  or  money,  others  by 
revenge,  says  Rogers,  who  worked  as  a 
detective  in  a  computer  crimes  unit  in 
Canada  and  earned  his  doctorate  in  forensic 
psychology  at  the  University  of  Manitoba. 

“The kid who’s running pre-written scripts, his motivation is not to
collapse the American economy. He’s usually driven by experimentation,
looking for a thrill. It’s like cyberjoyriding.” Whereas for a professional
criminal, the motivation is income, Rogers says. “He doesn’t want to brag or
be all over the press. He wants to be very quiet and fly under the radar as
long as possible.”

a teenage or adult male who’s long on computer smarts but short on social
skills. But like most stereotypes, it doesn’t begin to tell the whole story.

Purdue University Associate Professor Marcus Rogers is seeking answers about
what motivates cybercriminals beyond “the initial first thrill.”

Companies aren’t going to solve computer security issues just by throwing
technology at the problem, agrees Steven Branigan, president of security
company CyanLine and author of High-Tech Crimes Revealed: Cyberwar Stories
from the Digital Front. “It’s about understanding where the risks are and
understanding how people behave,” he says.

Hackers are motivated to do what they do for different reasons, such as
money, ego, revenge and curiosity, says Branigan, a founding member of the
New York Electronic Crimes Task Force. “My experience has been that those
who get into computers first, and then start hacking, are more motivated by
curiosity,” he says. “Those who have criminal tendencies to begin with, when
they learn about using computers, they then figure out how to apply that to
their trade.”

Some wind up being more destructive than others. Script kiddies aren’t
generally driven to be destructive, but they’ll take advantage of some
weakness that exists in an operating system, Branigan says. Cybercriminals
looking to make money aren’t bent on being destructive either, he says.
“[Like] any parasite, they don’t want to kill the host.”

“The  people  I’ve  found  to  be  the  most  dangerous 
are  the  ones  seeking  revenge,”  Branigan  says. 

Insider criminals — those who go after things like customer and supplier
databases, business pipeline information, future product prototypes and
strategic business plans — are particularly good at exploiting companies’
vulnerabilities. “They have the most access, they know how systems work, and
they really know where to hit you,” Branigan says.

Of course, not all experts view the hacker nation through the same
discriminating lens. For Patrick Gray, there’s really only one driver that
matters today: Money.

Motivations have changed dramatically in the last decade, says Gray, who is
director of X-Force operations at Internet Security Systems (ISS). X-Force
is the R&D division of ISS, responsible for vulnerability and threat
research.

“We’ve gone from five or 10 years ago, where hackers were dabbling in other
people’s systems to see how they were configured and really not doing
anything wrong in those systems, to now where it’s become incredibly
malicious. We’ve come a full 180 degrees.”

Instead of being driven by curiosity, hackers today are driven by money.
“They’re trying to get anything of value that they can market,” Gray says.
“The stereotypical image of the lone hacker sitting up in a loft somewhere,
eating Ding Dongs, drinking Jolt cola until it comes out of his ears, and
just hacking away is gone.”

The  hard  part 

Digging  into  the  parallels  that  exist  between  crimes 
committed  in  the  physical  and  electronic  worlds 
could  unlock  some  of  the  mystery  of  who’s  behind 
the  computer  crimes. 

Rogers and others like him want to see traditional criminal profiling
adapted for use in computer forensic investigations. “It’s about looking at
the computer and the Internet as an electronic crime scene, and looking for
indicators of signature behaviors and MOs that allow us to paint a picture
of the individual who’s responsible,” Rogers says. “We can do a fairly good
job of this in the physical world — can we do a fairly good job in the
electronic world?”

Profiling cybercrime:

The next step is to take that understanding and use it in practical ways,
such as to harden systems and improve investigation techniques.

But what’s missing is sound data. People have spent a lot of time developing
theories, but there isn’t a lot of solid information, Rogers says. “We
really have to . . . study it with scientific rigor.”

Branigan agrees. “Ultimately, right now we don’t have enough information to
make that really good profile,” he says. “We’re at the anecdotal stage,
where we’ve collected some information, but I don’t think we have enough.”

One obstacle is victims’ reluctance to report computer crimes.

“My biggest gripe is that we don’t share information very well,” Gray says.
“The hacking community shares info with each other all the time. If a hacker
is having a problem accessing a router, or getting through a firewall, he’ll
throw it on the table, into the channels, looking for help. People are more
than willing to help him complete the hack.”

The same type of information sharing doesn’t happen among businesses, Gray
says. “Until we recognize the need to share information with one another,
we’re going to continually be reacting to the whims of this hacking
community,” he says.

Extortion, in particular, goes unreported, says Marty Lindner, a senior
member of technical staff at the CERT Coordination Center at Carnegie Mellon
University. “That’s very hard to document, very hard to prove. Most
companies won’t talk about that,” he says.

But experts agree it’s on the rise. Organized criminals in areas such as
Eastern Europe are increasingly penetrating businesses’ systems and
threatening to release sensitive corporate data if they aren’t paid money,
Gray says. They’re also launching denial-of-service (DoS) attacks to
interrupt companies’ electronic business operations. “Then they say ‘We’ll
stop this DoS attack on your company and let you back on the Internet if you
pay me.’”

From  conversations  with  law  enforcement,  Gray 
estimates  only  about  10%  of  online  extortions  are 
being  reported. 

Hoping to reverse the trend of unreported computer attacks, CERT offers a
venue for companies to talk without being identified publicly. Companies
understand they can talk to CERT without worrying what they say will be
attributed to their companies, Lindner says. “We can take that info, make it
non-attributional and then push it out to others so that they know what to
look for now.”

When companies don’t report crimes, they miss an opportunity to potentially
protect the criminals’ next targets. “I’ve seen cases where three or four
companies — all of a similar kind — have been attacked in the



A  SCIENTIFIC  APPROACH 


One  man’s  hacker  taxonomy 

Marcus Rogers has identified eight types of cybercriminals, distinguished by
their skill levels and motivations. Rogers is an associate professor at
Purdue University in West Lafayette, Ind., where he heads cyberforensics
research in the department of computer technology.


Novices 

•  Limited  computer  and  programming  skills. 

•  Rely  on  tool  kits  to  conduct  their  attacks. 

•  Can  cause  extensive  damage  to  systems  because  they  don't 
understand  how  the  attack  works. 

•  Looking  for  media  attention. 

Cyberpunks 

•  Can  write  their  own  software. 

•  Have  an  understanding  of  the  systems  they  are  attacking. 

•  Many  are  engaged  in  credit  card  number  theft  and 
telecommunications  fraud. 

•  Have  a  tendency  to  brag  about  their  exploits. 

Internals 

a)  Disgruntled  employees  or  ex-employees 

•  May  be  involved  in  technology-related  jobs. 

•  Aided  by  privileges  they  have  or  had  been  assigned  as  part  of  their 
job  function. 

•  Pose  largest  security  problem. 

b)  Petty  thieves 

•  Include  employees,  contractors,  consultants. 

• Computer literate.

•  Opportunistic:  take  advantage  of  poor  internal  security. 

•  Motivated  by  greed  or  necessity  to  pay  off  other  habits,  such  as 
drugs  or  gambling. 


Coders 

• Act as mentors to the newbies. Write the scripts and automated tools that
others use.

•  Motivated  by  a  sense  of  power  and  prestige. 

•  Dangerous  -  have  hidden  agendas,  use  Trojan  horses. 

Old-guard  hackers 

• Appear to have no criminal intent.

•  Alarming  disrespect  for  personal  property. 

•  Appear  to  be  interested  in  the  intellectual  endeavor. 

Professional  criminals 

•  Specialize  in  corporate  espionage. 

•  Guns  for  hire. 

•  Highly  motivated,  highly  trained,  have  access  to  state-of-the-art 
equipment. 

Information  warriors/cyberterrorists 

• Increase in activity since the fall of many Eastern Bloc intelligence
agencies.

• Mix political rhetoric with criminal activity.

Political  activists 

•  Possible  emerging  category. 

• Engage in hacktivism.




exact same way,” Lindner says. “But none of them was willing to tell the
others about the style of the attack. If they had, the first guy would have
been hit, but the other guys might have had a better chance.”


In today’s world, the number of computer criminals successfully captured and
prosecuted is embarrassingly low, says Gary Jackson, founder and CEO of
Psynapse Technologies. A spinoff of the American Institutes for Research,
Psynapse makes intrusion-protection products that are designed to respond to
the behavior of attackers — even anticipate the actions of site visitors by
assessing their intent.




“Very few cases actually come to trial. I’ve seen estimates as low as one
out of 300 or 400 actually get caught,” Jackson says. That’s one reason more
traditional criminals are getting into computer crimes. “There aren’t the
penalties. If you get caught, more often than not it’s a misdemeanor,” he
says.

Plus  the  small  percentage  of  computer 
crimes  that  do  get  attention  tend  to  be 
those  perpetrated  by  less-skilled  deviants, 
which  doesn’t  do  much  to  shed  light  on 
the  highly  skilled  and  more  dangerous 
criminals  operating  in  the  world. 

“I’m not really worried about the kid sitting in his basement running the
latest SQL Slammer attack,” Rogers says. “I’m concerned about organized
crime. I’m concerned about its use in white-collar crime and in the dark
side of information warfare — that being the ability to launch terrorist
attacks. But the groups that we unfortunately only tend to see are at the
real low end of the skill spectrum.”

“Like any parasite, they don’t want to kill the host.”
Steven Branigan, president of security company CyanLine

Looking  ahead 

Changing that scenario is going to require a concerted effort to collect and
share data about the types of computer crimes being committed and the people
doing it. But it won’t be easy.

“Trying to obtain enough data that we can start making enough meaningful
comparisons is not an overnight effort,” Rogers says. “Collecting good data
is important, and it has to be done worldwide.”

In the past, global roadblocks have contributed to hackers’ veils of
anonymity, Rogers says. “There are issues with jurisdiction, issues with
extradition. Computer criminals can throw up a lot of smokescreens between
themselves and their victims, and the authorities on the other end.”

Fortunately, that’s starting to change. There’s some momentum behind
international movements to harmonize computer crime statutes, Rogers says.

And  those  pursuing  the  bad  guys  are 
getting  better  at  what  they  do. “Law 
enforcement  is  a  lot  more  technically 
savvy  than  the  public  and  underground 
community  give  them  credit  for,”  Rogers 
says. 

Vigilance is a must. “What we’ve learned as professionals is that we can
never, ever underestimate the creativity out there,” Jackson says. “A lot of
hackers tend to be very bright, very focused. They might have a string of
college degrees behind them, and they might be as good as the people
protecting the systems,” he says.

Senior  Editor  Phil  Hochmuth  contributed 
to  this  story. 




By  John  Blau 


The race is on to harden the nation’s critical infrastructure before
cyberterrorists gain enough skills to launch attacks.


The arsenal of modern weapons that terrorists might someday use to disrupt
power grids, gas lines and other parts of the nation’s critical
infrastructure includes conventional weapons as well as bits and bytes — in
other words cyberterror attacks. The cyberthreat to the electricity we use
and the water we drink is real, experts say, but there’s no need to panic —
at least not yet.

“Our research shows that terrorist groups are definitely interested in
attacking critical infrastructures,” says Eric Byres, research director at
the Internet Engineering Laboratory of the British Columbia Institute of
Technology in Burnaby. “The good news is that we don’t think they have the
technical ability yet — in other words, the combined IT and control system
skills needed to penetrate a utility network. The bad news is that they’re
beginning to acquire some of these skills.”

Confidential documents about supervisory control and data acquisition
(SCADA) systems, for instance, have been found in al Qaeda hiding places in
Afghanistan, while the Irish Republican Army has said it plans cyberattacks
on crucial supply systems, according to Justin Lowe, principal consultant
with PA Consulting Group.

Equally disturbing, talented hackers in many parts of the world are willing
to peddle their expertise for the right price or political cause, according
to DK Matai, chairman of Mi2g, a London security service provider. “We have
evidence of Russian hackers selling their skills to radical Islamic groups,”
he says.

Few, if any, of the industrial control systems used today were designed with
cybersecurity in mind because hardly any of them were connected to the
Internet. For the most part, these companies viewed their infrastructures as
secure from cyberattacks because of their isolated structure.

However, utilities and factories are now using the Internet to carry SCADA
messages from an increasing number of Web-enabled, remote-control systems,
according to Joe Weiss, who served as security director at the Electric
Power Research Institute in Palo Alto, and its Enterprise Infrastructure
Security Initiative before joining KEMA Consulting.


Not only that, but also many of their “private” networks now are built with
the help of competitively priced fiber-optic connections and transmission
services provided by telecom companies, which have become the frequent
target of cyberattacks.

Last year, a power utility crash was caused indirectly by the Slammer worm
paralyzing a leased telecom service. For its SCADA communications network,
the utility used a frame relay service, which a carrier provided over its
ATM backbone. The ATM network was overwhelmed by the worm, blocking SCADA
traffic to substations.

“In some sense, we’re always under attack,” says Vint Cerf, senior vice
president of technology strategy for MCI. “The wonderful thing about the
Internet is that everything is connected. The horrible thing about the
Internet is that everything is connected.”

And if terrorist groups fail to mount an attack from the outside, they can
always take the insider approach, finding disgruntled employees who know the
vulnerabilities, say, of a power grid control network, according to PA
Consulting’s Lowe.

That’s why Cerf insists on access controls at every host in every internal
network. “The notion of inside and outside shouldn’t confer a great deal of
authority on anybody,” he says. “My recommendation: every host should have
its own firewall and require authentication that should be very strong.”

So  where  does  the  U.S.  stand  in  terms 
of  vulnerability,  compared  with  other 
countries? 

Byres says protection varies in critical infrastructures around the world,
but the level isn’t directly linked to the national economy. In other words,
it isn’t necessarily better in rich countries and worse in poor countries.
For instance, deregulation of the energy market in the U.S. has led to
cost-cutting that has affected investments across the board, including
security systems and services, he says.

And  what  about  the  Internet,  which  is  a 
critical  infrastructure  all  of  its  own? 

“Sure, if gangsters are using cyberattacks as weapons, why shouldn’t
terrorists?” says Steve Cocke, director of the security and stability
advisory committee at the Internet Corporation for Assigned Names and
Numbers. But Cocke argues that the distributed architecture of the Internet
makes it a difficult target to bring down. “When the World Trade Towers came
down, local telephone service was severely impaired but disruption of the
Internet was minimal,” he says.

The disturbing fact is that the world’s utility and industrial
infrastructures remain vulnerable to cyberattacks not only by terrorists but
also by disgruntled employees and even script kiddies, experts agree. The
challenge now, they say, is to minimize this vulnerability — before it’s too
late.

Blau  is  a  correspondent  with  IDG  News  Service. 

More online

Go  online  for  an  update  on  problems  with 
the  U.S.  cybersecurity  efforts. 

DocFinder:  4837 


BARRY  GNYP 




Even though Congress continues to propose laws to defeat spyware and spammers, it seems law enforcement’s hands are still essentially tied.


By  John  Cox  and  Carolyn  Duffy  Marsan 


The legal framework for battling cybercrime rests on surprisingly few federal laws.

While  enforcement  officials  and  other  experts  seem  largely  satisfied 
with  these  statutes,  new  laws  are  in  the  works  to  combat  increasingly 
sophisticated  criminals.  Also,  the  distinction  between  pure  cybercrime  — 
defined  as  a  computer-based  attack  on  computers,  networks  and  data  — 
and  traditional  crime  such  as  fraud  and  theft  continues  to  blur,  further 
complicating  the  legal  challenges. 


One critical part of the legal framework is only now starting to get more systematic attention: the procedural rules that regulate investigations and evidence gathering — and protect civil rights.

The main federal cybercrime laws traditionally have been the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act. They form the foundation of digital law enforcement by defining and criminalizing unauthorized access to computers and the interception of electronic communications.

But many prosecutions involve these cybercrime laws coupled with traditional laws, such as those against mail and wire fraud, or in the case of the Federal Trade Commission, unfair and deceptive practices under the FTC Act.

Consider  a  number  of  recent  federal  cases,  which 
show  the  range  of  cybercrime  actions  and  federal 
priorities: 

• Six men were indicted in Los Angeles on charges based on the Computer Fraud and Abuse Act, as well as money laundering and conspiracy, for allegedly hacking into the online ordering system of Ingram Micro and fraudulently ordering more than $10 million worth of computer gear to be shipped to locations in Romania and the U.S.

• Capping a 4-year-old case, a federal judge ruled that two companies and their principals were guilty of unfair and deceptive practices under the FTC Act for billing people for accessing Internet pornography sites that in fact were never accessed at all. The defendants, both now at large, have been ordered to repay nearly $18 million in phone charges.

• Operation Web-Snare, a joint effort by the Department of Justice and investigators from federal, state and local agencies, involved more than 150 separate investigations into a range of crimes covered by various cybercrime laws, including: criminal spam, phishing, spoofed or hijacked accounts, international reshipping schemes, cyber extortion, auction fraud, and credit card fraud, identity theft and hacking.

• A former employee of Varian Semiconductor was charged under the Computer Fraud and Abuse Act with one count of intentionally damaging a protected computer when he hacked into a Varian server from his Indiana home and deleted the source code for a major new e-commerce application.

• A Florida man was charged with illegal access to servers at Acxiom, which manages personal, financial and corporate data, and downloading an estimated 8.2G bytes from an FTP server between April 2002 and August 2003. The charges were based in part on the Computer Fraud and Abuse Act.

These  cases  show  that  the  distinction  between 
cybercrime  and  traditional  crime  is  blurring. 

Criminals “don’t care about definitions, they just keep figuring out ways to make more money more surreptitiously,” says Paul Luehr, vice president with Stroz Friedberg and a former federal attorney who oversaw cyber investigations for the U.S. Attorney’s office in Minnesota for four years. Spammers who used to just pitch Viagra are now soliciting for names, addresses and credit card information to perpetrate fraud, and hacking into mail servers and Web servers to hide their tracks, Luehr says.


Key federal cybercrime laws

Computer Fraud and Abuse Act: The foundation of many later laws, it defines what is illegal access to a computer and criminalizes activities such as hacking and malicious code such as viruses and worms.

National Information Infrastructure Act: Modifies the CFAA to make it illegal even to view information on a computer without authorization.

Electronic Communications Privacy Act: Amends the federal wiretap law, making it illegal to intercept stored or transmitted communications without authorization.

Communications Assistance for Law Enforcement Act: Requires ISPs to add capabilities that let law enforcement agencies conduct, after obtaining a warrant, electronic surveillance of specific individuals.

Cyber Security Act and Homeland Security Act: Increases penalties set out in the Computer Fraud and Abuse Act, reduces the privacy of certain data held by ISPs, making it easier for government agencies to gain access to that data.

CAN-SPAM Act: Imposes limitations and penalties on Internet transmission of unsolicited, commercial e-mail.


The CAN-SPAM lesson

The federal response to spamming is a good example of how the legal code is adapting and being enforced. Before the 2003 passage of the CAN-SPAM Act, law enforcement agencies used a range of existing statutes, including provisions of the Computer Fraud and Abuse Act and the wire fraud statute to prosecute spamming. But as Assistant FBI Director Jana Monroe testified in Congress earlier this year, existing statutes didn’t directly address a range of specific spamming actions, such as using widely available “open proxies” to bounce e-mail traffic through intermediary computers with the intent to hide the true location of the sender.

“Because of this, many investigators and prosecutors viewed cases based primarily on the sending of spam as unlikely to result in successful investigations and prosecutions,” she testified. But CAN-SPAM criminalizes a range of spamming activities so that spammers now face criminal penalties. That’s especially important because spamming now is seen as a favored means to start or run a wide array of frauds.

One result is that the Internet Crime Complaint Center (IC3), a joint effort by the FBI and the National White Collar Crime Center, has revamped its SLAM-Spam program. The IC3 is refining its databases, sharing data, and educating and training federal and state agencies. This outreach program covers such topics as anti-spam techniques spammers used, tactics to investigate spam schemes and the tools available to them via CAN-SPAM.

Where the law has not kept pace is in the area of the procedural rules that law enforcement must follow in investigating cybercrimes. These rules traditionally restrict the scope of police searches, what evidence can be considered and how investigations are regulated. But applying these rules, based on traditional crimes and investigations, to cybercrimes leads to unexpected results, according to Orin Kerr, a law professor at George Washington University Law School. Kerr is a former federal prosecutor and author of the Justice Department’s manual outlining procedures for searching and seizing digital evidence. An upcoming issue of Columbia Law Review will publish his paper, “Digital Evidence and the New Criminal Procedure.”

The dynamics of investigating a cybercrime, such as a hack into a bank’s computers, are very different from investigating a traditional “physical” crime, such as a bank robbery at gunpoint, Kerr says. “There’s a bad fit between the traditional rules [of evidence and procedure] and the new facts of computer crime,” he says.

The doctrine of rules and laws that have grown up around Fourth Amendment proscriptions against unreasonable search and seizure, and the Fifth Amendment’s against self-incrimination, today offer little protection to wide-ranging, almost entirely unregulated electronic searches and evidence gathering, Kerr says.

That is starting to change. Provisions of the Electronic Communications Privacy (ECP) Act imposed statutory limitations on how the government can obtain information from ISPs.

The USA PATRIOT Act (an acronym for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) of 2001 later amended the ECP Act to create two classes of electronic surveillance, one for data related to dialing, routing and addressing of communications, the other for the contents of those communications. The latter now are classed as more private than the former. As a result, police must meet a higher standard before obtaining a search warrant for such information.

Kerr  expects  Congress  will  tackle  these  issues  more 
systematically  next  year  as  it  debates  provisions  of  the 
USA  PATRIOT  Act  due  to  expire  at  the  end  of  2005. 

The main proposed change to the Computer Fraud and Abuse Act pending before Congress is to extend this law to cover spyware. Sometimes spyware is used for harmless applications such as pop-up ads or software updates, but increasingly these programs are used to change settings and launch computer attacks such as spam or viruses.

In the final days before Congress adjourned in advance of the presidential election, several anti-spyware measures were passed.

The House approved H.R. 4661, the Internet Spyware (I-SPY) Prevention Act of 2004, which was hailed by high-tech industry groups including the Business Software Alliance (BSA) and the Center for Democracy and Technology. The I-SPY Act imposes criminal penalties on individuals who access another person’s computer with spyware and use that program to harm a person or cause damage to a computer.

Meanwhile, the House passed H.R. 2929, the Safeguard Against Privacy Invasions (SPY) Act, which calls for the FTC to oversee online software distribution. In late September, a similar measure called the SPYBLOCK Act passed the Senate Committee on Commerce, Science and Transportation. Like SPY, SPYBLOCK would regulate advertising delivered via interactive software and spyware designed to hijack end users’ computers for malicious purposes.

Trade  groups  favor  I-SPY  Act 

Industry trade groups including the Information Technology Association of America (ITAA) prefer the I-SPY Act over the other bills because it takes a more targeted approach to setting criminal penalties on spyware.

ITAA worries that the SPY Act and the SPYBLOCK Act would regulate legitimate advertising and software update notices in addition to spyware. ITAA President Harris Miller said in a statement that overly broad anti-spyware legislation “could leave consumers unaware of the latest software updates and unable to make use of the most convenient way to upgrade their applications.”

Another  piece  of  pending  cybercrime  legislation  is 
the  Anti-Phishing  Act  of  2004.  Phishing  is  a  type  of 
identity  theft  scam  by  which  individuals  are  enticed 
to  provide  confidential  information  such  as  credit 
card  numbers  through  spoofed  e-mails,  which  appear 
to  come  from  a  legitimate  source  such  as  a  bank  or 
e-commerce  Web  site. 

The Anti-Phishing Act makes it illegal to knowingly send out spoofed e-mail that links to sham Web sites with the intention of committing a crime. This act also makes it illegal to knowingly create a Web site that pretends to be legitimate but actually intends to collect information for a criminal purpose. It includes provisions to protect Web sites that are parodies or offer political commentary.

Also pending before the Senate is ratification of the Council of Europe’s Convention on Cybercrime, which is supposed to make it easier to investigate and prosecute computer-related crime that originates in another country. The U.S. is one of 38 nations that have signed the treaty, but the Senate has not ratified it. A year ago, President Bush urged the Senate to ratify the treaty, calling it the “only multilateral treaty to address the problems of computer-related crime and electronic evidence gathering.”

“We’ve been staunch advocates of” the treaty, says Robert Cresanti, vice president for public policy with the BSA, a trade group representing Microsoft, Cisco, IBM and other leading network vendors. “We think it’s perfect to get harmonization of these cybercrimes so we don’t have these havens where people can commit cybercrime. We’d like to see broad adoption of the treaty.”

“It’s important that we work together with other countries,” says Ari Schwartz, associate director of the Center for Democracy and Technology, a Washington, D.C., advocacy group. “We’ve seen a lot of the more major cybercrime cases falling apart because of the lack of cooperation by Taiwan or China or the Philippines or the former Soviet Union.”

Despite these Congressional efforts to pass new cybercrime laws, observers say the problem today is not that there are holes in existing laws but that federal, state and local law enforcement agencies lack the resources to pursue the growing number of cases.

The Computer Fraud and Abuse Act is pretty effective, Schwartz says. “Law enforcement has been able to bring many cases under that act. The problem is tracking down the criminals,” he says.

“The hard part is the police work,” he adds. “The laws are there. It’s good that we’re extending them and making them more clear for cases like spyware. But the hard part is doing the investigation and bringing it to prosecution.”

BSA  also  is  pushing  for  more  funding  for  federal 
law  enforcement  efforts  geared  toward  cybercrime. 

“While there are significant laws on the books, there are not sufficient enforcement resources available,” Cresanti says. “When people find themselves a victim of cybercrime, they have a difficult time accessing law enforcement and bringing forth a claim. ... In my opinion, it fundamentally comes down to the enforcement resources on the ground.”

That’s  one  reason  BSA  supports  the  Justice 
Department  in  its  bid  to  get  more  resources  to  battle 
international  piracy.  BSA  says  it  supports  the  creation 
of  “additional  Computer  Hacking  and  Intellectual 
Property  Units  (CHIP  UNITS)  to  prosecute  crimes 
and  work  with  industry  on  preventative  measures. 
Enhanced  criminal  enforcement  resources  would  be 
a  significant  step  in  the  right  direction.” 

For several years, BSA has supported the idea of increasing the funding for the Justice Department’s CHIP UNITS by $10 million per year. These units “are enormously effective in prosecuting crimes, but they often can’t get the attention of investigators,” Cresanti says. “The flow of prosecutions is being hampered by a lack of resources for the investigators.”




omas  says  todays  cybercrook  is  all  about  the  bottom  line. 




The Internet can be a dangerous place to do business these days. No one knows this better than Dave Thomas, chief of the FBI’s Computer Intrusion Section, which oversees the FBI’s counter-terrorism and criminal computer intrusion investigations. Thomas talked with Network World Senior Editor Phil Hochmuth about who is committing cybercrime and what the FBI is doing to stop them.


Who are these people committing cybercrime?

There are groups of people out there that are targeting businesses. We’re seeing an increase in that more now because a lot of the Eastern European hacker groups have determined that you can make money from gaining access to computers. And it’s all about money now. It used to be about access, but now the entire scope of the way we do things has changed.

A lot of the phishing schemes — where they’re exploiting computers to get access to databases of credit cards — [are] coming from Eastern Europe, from Russia, Latvia, Moldova, Estonia and Romania. ... As access becomes better, we see more people attacking systems from those areas of the world.


Why those areas?

There are very prolific hackers in those regions. They’re very good coders and programmers. Now if you’re looking at Trojans and viruses, we see a lot of those coming out of Germany, Russia and Poland. [Attacks come from...] different parts of the world depending on what aspect of computer intrusions you’re looking at. A lot of Web page defacement-type activity is coming out of Brazil, for instance.


Are these people who have always been criminals and are just now using computers to do their trade?

We do see a lot of crime migrating to the Internet now — like the old Nigerian scams ... and identity theft. We’re seeing the computer used in ways that we hadn’t seen before, like extortion cases. ... We’re seeing denial-of-service [attacks] where the money aspect is being used for extortion — I will take your computer down or I will knock you offline until you pay me enough money. ... That kind of thing.


It sounds like cybercrime is more organized now, as opposed to just a kid in a basement.

What we’ve seen certainly over the past year is that you still have kids out on the Internet, but a lot of it [is being done by] adults now. And it’s because of the money that's involved. The Eastern European groups and the people breaking into the databases doing the extortions and denial of service, the virus-writing crews, the spammers — this is all very adult-oriented, centered around how to make money from this criminal activity. There are loose groups, we know a lot of the virus writing people are associated and affiliated in a group, but it may be a virtual group, unlike traditional crime where you see people living in the same community. These are virtual gangs, if you will.


Are there any new technologies, or specific tools, that the FBI or law enforcement is using to catch bad guys?

We basically rely on the good investigative skills of the agents; we try to treat these cases just like any other case the FBI has. We do have to use technology sometimes to trace things back, and to get IP addresses, but a lot of it is the same type of technology that’s available to a system administrator or anyone else. We use a lot of off-the-shelf tools ... because the Internet is pretty much the same everywhere.


So it sounds like old-fashioned police work is really what’s going to catch these types of people, as opposed to any new type of technology.

It is. We have been beat up in the media somewhat; people say the FBI doesn’t understand technology and we can’t investigate these cases. But we probably have a workforce as technically equipped as anyone out there. But there are things that prevent us from solving some of these cases that are really different than our traditional crime. [We] can track an IP address back to another country but depending on the laws of that country [we’re] totally dependent on that host country then to be able to continue that investigation. And it may be a country where the laws haven’t been developed, or where the technology hasn’t been developed that allows us to do that.


When a company comes under the types of attacks you mentioned, how is that reported?

It depends company to company. I like to tell [companies] ... don’t wait until you have an incident to decide who to call. You should have that built into the framework as you build your security policy so your system administrators know whether or not to call the FBI, and who the contact people are. [Large businesses] should also have a media strategy. We generally encourage them to be open about things. Take a proactive stance with the media and go out and admit, yes, there was an intrusion, but we’re working with law enforcement and we have it contained.


How do you help companies approach their security beyond what they do as standard practice?

What we generally tell them is to make it hard for someone to hack you. Layer your security. It’s no different than your home. You have a lock on your door. You may have an alarm. You may have a dog. You make it hard for someone to get into your system. You’ve got to have your antivirus software installed on your computer. You’ve got to update those virus definition files .... Keep your computers as up-to-date as possible with security patches. Most of the intrusions we see are not from what we call zero-day exploits — that is, someone has found a new way to break into a computer that no one has ever seen before. Most of the time, it’s from an exploit that’s at least one to two years old that should have been patched a long time ago. And they just walked right in the front door. ■




More  online! 

Read  the  unabridged  version 
of  our  conversation  with  the 
FBI’s  Dave  Thomas. 

DocFinder:  4733 




ictim's 

CYBERCRIME  RETALIATION 

How  to  react  when  you  have  been  hit  by  a  cyber  attack. 


By  Denise  Dubie 


Fear, uncertainty and doubt — or any combination of those feelings — usually let cybercriminals off the hook.


A January report from the U.S. Joint Council on Information Age Crime shows that 36% or less of organizations polled report computer-related crimes to law enforcement. Yet law enforcement officials and IT security experts agree that taking the proper steps after malicious activity will help secure breached networks, prevent future attacks — and even identify and punish criminals.

So,  what  should  you  do  if  you  are  the  victim  of 
cybercrime?  Here  are  10  key  reactions. 

Report 

Experts urge IT managers to resist going into hiding and advise them to report the cybercrime incident to all or one of the following groups, depending on the circumstances of the crime.

1. Contact law enforcement agencies: The FBI, the U.S. Secret Service and the Federal Trade Commission (FTC) each track, investigate and prosecute cybercrime, depending on the act. For example, the FBI and Secret Service investigate cases dealing with hacking, intellectual property theft, piracy and password trafficking, and the FTC deals with cases of Internet fraud and spam.

“Victims must report the crime as soon as they learn about it. The earlier they report it, the more likely we can solve it,” says Gail Marcinkiewicz, a spokeswoman for the FBI’s Boston field office.

2. Reach out to industry organizations: Groups such as Carnegie Mellon University Software Engineering Institute’s CERT Coordination Center, the Internet Fraud Complaint Center and the Anti-Phishing Working Group would like to be informed of cybercrimes and malicious computing activity such as viruses, worms and distributed denial-of-service (DoS) attacks.

“There are advantages when people are willing to even just report the activity without seeking prosecution or publicity,” says Marty Lindner, a senior member of the technical staff at U.S. CERT. “The experience can be pushed out to others so they know what to look for.”

3. Inform other potential victims: Even if a company or an individual wants to keep quiet about an attack, it is wise — and in some cases required by law — to alert others at risk.

For example, the University of California at Berkeley recently revealed that a hacker attack might have exposed the personal data of more than a million state residents. Under the state’s SB1386 anti-identity theft law, passed in 2003, state agencies and businesses maintaining computerized data are required to report any breach of security that could have compromised personal data such as Social Security or license numbers or name and addresses coupled with credit card information.

“It is a corporate responsibility to report corporate-level fraud,” says Erik Laykin, director of IT investigations practice for Navigant Consulting.

Who ya gonna call?

When cybercrime strikes there is a myriad of agencies and contacts there to help. Local agencies, which can be gleaned from these central locations, are your first line of contact.

Local FBI field office: www.fbi.gov/contact/fo/fo.htm
United States Secret Service (cyberincident reports)
Federal Trade Commission: www.ftc.gov
U.S. Securities and Exchange Commission: www.sec.gov
The Internet Crime Complaint Center: www.ic3.gov
U.S. CERT online reporting for techn: www.us-cert.gov
The Internet Fraud Complaint Center: www1.ifccfbi.gov/index.asp
National Association of Attorney General’s Computer Crime Point of Contact List (all state-related cyber questions): wvw/.naa.J.cmj/«1Ies/2001072«-ccJist bg.php
Anti-Phishing Working Group: www.antiphishing.org

For a more complete listing of when to report cybercrime, see www.cybercrime.gov/reporting.htm.


Investigate

Proper steps need to be taken to understand what happened and how to prevent it from happening again.

4. Don’t shut off the computer/network/infected area: Shutting down the system could wipe out data needed to determine the source of the attack. Also, depending on the afflicted area, whether it is a server, firewall or router, powering down could cause further problems and IT service disruptions for the company.

“Disconnecting the computer from the network could wipe out evidence,” CERT’s Lindner says.

5. Don’t tamper with potential evidence: Internal IT staff should not attempt to access, say, the firewall suspected as the weak link in an attack or the hard drive of a disgruntled employee. FBI and other law enforcement officials know the processes to take when collecting digital data, and third-party security forensics firms are also familiar with the chain of evidence and how evidence must be maintained for use in a court of law.

“Evidence is one of the biggest challenges in prosecuting cybercrimes,” says Laykin, whose firm helps companies investigate malicious activity. “Computers give up their secrets in a predictable manner, but if the wrong people access them during an investigation, the evidence could be considered tainted.”

6. Don’t forget to document the process of collecting evidence: Digital evidence remains a gray area in many courts, and companies must collect the information in a manner that will be admissible in court.



“Don’t rely on the data itself. Create records of the process and log who did what to prove in court that the proper steps were taken to secure the evidence,” says Steven Branigan, president of CyanLine and cybercrime author. “If it goes to court and the other side challenges your statements, having something written down goes a long way.”
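One way to keep the kind of record described above, as an added example that is not from the article or from any firm named in it: a custody log in which each entry records who did what to which item, stores the SHA-256 of the evidence, and is chained to the previous entry so later edits are detectable. The names, timestamps and the byte string standing in for a disk image are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first entry in the log


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash a canonical JSON form of every field except the digest itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


class CustodyLog:
    """Append-only record of who did what to which evidence item, and when."""

    def __init__(self):
        self.entries = []

    def record(self, when, who, action, item, evidence: bytes, note=""):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries) + 1,
            "when": when,
            "who": who,
            "action": action,
            "item": item,
            "evidence_sha256": sha256_hex(evidence),
            "note": note,
            "prev_hash": prev,
        }
        entry["entry_hash"] = entry_digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return a list of problems; an empty list means the log is intact."""
        problems = []
        prev = GENESIS
        acquisition_hash = {}  # item -> hash recorded the first time it was logged
        for e in self.entries:
            if e["prev_hash"] != prev:
                problems.append(f"entry {e['seq']}: chain broken")
            if entry_digest(e) != e["entry_hash"]:
                problems.append(f"entry {e['seq']}: entry altered after it was written")
            first = acquisition_hash.setdefault(e["item"], e["evidence_sha256"])
            if first != e["evidence_sha256"]:
                problems.append(
                    f"entry {e['seq']}: {e['item']} no longer matches its acquisition hash")
            prev = e["entry_hash"]
        return problems


def demo():
    image = b"constructed stand-in for a disk image"
    log = CustodyLog()
    log.record("2004-11-29T09:00:00Z", "analyst A", "acquired image", "disk-01", image)
    log.record("2004-11-29T09:30:00Z", "analyst A", "handed to analyst B", "disk-01", image)
    log.record("2004-11-29T10:15:00Z", "analyst B", "verified on receipt", "disk-01", image)
    return log


if __name__ == "__main__":
    print(demo().verify() or "custody log intact")
```

The chain only shows that the record is internally consistent; keeping a copy of the latest entry hash somewhere the log's keepers cannot rewrite is what lets a third party confirm it.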

Prosecute/remediate 

The investigation is complete, the evidence is collected, and now the victimized company must decide on a course of action. Law enforcement officials recommend prosecution.

7. Prove motive: Cybercrime experts say in many cases the malicious activity is difficult to prosecute because the motive is unclear. It could be considered mischievous to hack into a network but not necessarily a crime.

If  the  motive  is  clear,  such  as  monetary  gain  or 
revenge,  experts  say  it  is  easier  to  prove  the  attack 
had  malicious  intent. 

“You need to prove that a person knew they weren’t supposed to be doing something they did and that their actions caused damage, not just disruption of business as usual,” says Edward Stroz, former FBI agent and president of computer forensics consulting firm Stroz Friedberg.

8. Take cautious internal action: Intent also comes into play when looking to remove a suspected attacker from the company’s payroll. In many cases, companies will want to immediately remove the alleged attacker, but a rash firing could lead to a lawsuit against the company.

“If there aren’t clear policies, it will be hard to justify firing an individual that happened to access an area reportedly restricted,” Stroz says. “The person can always claim he didn’t know it was restricted.”

9. Rebuild security infrastructure: Because most responses to attacks are reactionary, many companies consider putting tools in place to help them either better handle attacks or prevent them altogether (see related story, right).

For Corey Mandell and the IT team at Authorize.net, a provider of payment-processing services for e-commerce companies, the last distributed DoS attack the company suffered in September forced them to re-evaluate their security infrastructure.

10. Establish security policies and practices: Industry organizations recommend meeting with local law enforcement agencies, insurance companies, lawyers and computer science forensic experts to define network use and access policies, and the processes needed to prosecute when those policies are violated.

Internal  policies  such  as  authorized  access  lists  for 
specific  servers  or  applications  with  customer  data 
will  make  it  easier  to  prove  actions  taken  were 
known  violations.  ■ 


Battle Gear


KEEP  YOUR  GUARD  UP 


Advanced  technologies  aim  to 
protect  network  assets 


By  Linda  Leung 

You have installed firewalls at the perimeter of your network, rely on intrusion-detection systems to keep the bad guys at bay and have anti-virus software running on your desktop machines. And it's still not enough.

Experts  say  that  as  hackers  step  up  their  efforts  to 
attack  your  network  you  should  consider  more 
advanced  technologies  and  policies  to  defend  your 
territory. 

That's where more advanced technology will come into play. Security-information management (SIM) systems that centralize correlation, reporting and management for multi-vendor products likely will become standard options from many vendors.

SIM products use data-aggregation and event-correlation features similar to those of network-management software and apply those features to event logs generated from security devices such as firewalls, proxy servers, IDSs and anti-virus software. Also, SIM products can translate Cisco and Check Point alerts into a common format so the data can be correlated.
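The translate-then-correlate step described above, sketched as an added example that is not from the article or from any SIM vendor's product: two differently shaped firewall logs are mapped onto one schema, then a source denied by more than one device within a short window is flagged. Every log line is constructed, and both layouts are simplified assumptions rather than exact exports from Cisco or Check Point products.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two simplified, vendor-style layouts (assumed
# formats for illustration, not exact exports from any product).
SYSLOG_STYLE = [
    "2004-11-29 10:00:01 fw-edge %PIX-4-106023: Deny tcp src outside:203.0.113.7/4312 dst inside:10.1.1.20/445",
    "2004-11-29 10:00:05 fw-edge %PIX-4-106023: Deny tcp src outside:198.51.100.9/2201 dst inside:10.1.1.20/135",
    "2004-11-29 10:00:09 fw-edge %PIX-4-106023: Deny tcp src outside:198.51.100.9/2202 dst inside:10.1.1.21/135",
    "2004-11-29 10:01:00 fw-edge %PIX-4-106023: Deny udp src outside:192.0.2.44/53 dst inside:10.1.1.30/1434",
    "2004-11-29 10:02:00 fw-edge link flap on interface outside",  # not a traffic event
]
KEYVALUE_STYLE = [
    "time=2004-11-29T10:00:20 origin=fw-dmz action=drop proto=tcp src=203.0.113.7 s_port=4313 dst=10.2.0.5 service=445",
    "time=2004-11-29T10:00:40 origin=fw-dmz action=accept proto=tcp src=198.51.100.9 s_port=2203 dst=10.2.0.8 service=80",
    "time=2004-11-29T11:30:00 origin=fw-dmz action=drop proto=udp src=192.0.2.44 s_port=53 dst=10.2.0.5 service=1434",
]

# Each device's own verb is mapped onto one shared vocabulary.
ACTIONS = {"deny": "deny", "drop": "deny", "reject": "deny",
           "accept": "allow", "permit": "allow"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<dev>\S+) %PIX-\d-\d+: "
    r"(?P<act>\w+) (?P<proto>\w+) src \w+:(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dip>[\d.]+)/(?P<dport>\d+)"
)


def event(time, device, action, proto, sip, sport, dip, dport):
    """Build one record in the common schema used by the correlation step."""
    return {"time": time, "device": device,
            "action": ACTIONS.get(action.lower(), "other"),
            "proto": proto.lower(), "src_ip": sip, "src_port": int(sport),
            "dst_ip": dip, "dst_port": int(dport)}


def parse_syslog_style(line):
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return event(ts, m["dev"], m["act"], m["proto"],
                 m["sip"], m["sport"], m["dip"], m["dport"])


def parse_keyvalue_style(line):
    f = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    try:
        ts = datetime.strptime(f["time"], "%Y-%m-%dT%H:%M:%S")
        return event(ts, f["origin"], f["action"], f["proto"],
                     f["src"], f["s_port"], f["dst"], f["service"])
    except (KeyError, ValueError):
        return None  # missing field or non-numeric port: leave for manual review


def normalize(sources):
    """sources: iterable of (parser, lines). Returns (events, unparsed_lines)."""
    events, unparsed = [], []
    for parser, lines in sources:
        for line in lines:
            ev = parser(line)
            if ev is None:
                unparsed.append(line)
            else:
                events.append(ev)
    events.sort(key=lambda e: e["time"])
    return events, unparsed


def correlate(events, window=timedelta(minutes=5), min_devices=2):
    """Flag sources denied by at least min_devices different devices within window."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] == "deny":
            by_src[ev["src_ip"]].append(ev)
    alerts = []
    for src, denied in sorted(by_src.items()):
        for i, first in enumerate(denied):
            group = [e for e in denied[i:] if e["time"] - first["time"] <= window]
            devices = sorted({e["device"] for e in group})
            if len(devices) >= min_devices:
                alerts.append({"src_ip": src, "devices": devices,
                               "first_seen": first["time"], "events": len(group)})
                break
    return alerts


def run_demo():
    events, unparsed = normalize([(parse_syslog_style, SYSLOG_STYLE),
                                  (parse_keyvalue_style, KEYVALUE_STYLE)])
    return events, unparsed, correlate(events)


if __name__ == "__main__":
    for alert in run_demo()[2]:
        print(alert)
```

Neither device alone sees anything unusual about 203.0.113.7; the alert exists only once both logs share a schema. Lines that no parser recognizes are returned rather than dropped, so a format change on one device shows up as a growing unparsed list instead of silent blind spots.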

NetForensics is working on software that gathers information generated by all the different point-products — such as firewalls, IDSs and anti-virus tools - to decipher what unauthorized activity might occur on a network and automatically take steps to protect it.

"This overarching system will give a bird's-eye view of what's happening on the network, not the current worm's-eye view" presented by point products, says Anton Chuvakin, security specialist at NetForensics.

The system will draw from a knowledgebase to detect whether an attack has worm- or virus-like characteristics and take relevant measures to protect the network.

Chuvakin says security professionals might not be happy letting the system decide on and apply the necessary security procedures, and says the first generation of the software will offer suggestions instead. After a year of using the product, users should feel comfortable letting the system make decisions by itself, Chuvakin says.

He says that this system would also incorporate network forensic tools, which gather information after attacks have occurred to help network executives investigate how they happened and the nature of the attacks. SIM would proactively help stop attacks, and if the attacks were successful the network forensics tools would mine the information about the hacks to beef up the system's knowledgebase and theoretically help stop the next attack.

Similarly, Internet Security Systems (ISS) is planning a system of preventing network attacks before specific threats are publicly identified (see story at www.nwfusion.com, DocFinder: 4425). ISS' Proventia Enterprise Security Platform will block threats based on advanced knowledge of vulnerabilities that ISS researchers glean by working closely with software vendors. The system will include security agents for the desktop and server that will continuously perform assessments to report security vulnerabilities back to an ISS management console.

Although many of these overarching systems are in development, Chuvakin says it's worthwhile for companies to continue investing in point-products that address particular parts of the network. This is especially important as the network perimeter becomes distorted.

Attack by your own VPN

Meanwhile Ron Nguyen, director of Ernst & Young's Advanced Security Center, says he has seen client networks that have been eaten up by worms because of a faulty VPN connection.

"When a VPN is not set up properly it creates a tunnel for malware. Spam rings target DSL and cable connections for open tunnels to attack the VPN and take control of the corporate mail server. You need rigorous process and control when configuring VPN client and servers," Nguyen says.

The disappearing perimeter is forcing organizations to protect the core by distributing security tasks to individual systems and servers being covered by niche security products, says Phil Schacter, vice president and service director at Burton Group.

Such products include personal firewalls on desktops to prevent worms or viruses from infiltrating the core network, and application-level and Web services firewalls that provide a security filter between the remote user and the application or Web site.

At  the  core,  internal  firewalls  are  effective  tools  for 
identifying  and  mitigating  endpoint  systems  that  have 
been  infected  by  worms  or  other  malware,  Schacter 
says.  These  appliances  gather  data  about  traffic  flows 
from  switches,  routers  and  passive  devices  that 
examine  network  traffic  and  apply  policies  to  prevent 
attacks. 

An  ounce  of  cure  . . . 

Intrusion-prevention firewalls could be used to perform firewall checks in the datastream, blocking off ports if necessary.

These  devices  are  responsible  for  a  subset  of  the 
network,  so  companies  would  need  a  few  of  them  to 
cover  the  whole  company,  Schacter  says. 

He advises companies to be diverse in their choice of security tools. "Vendors tend to use the same security techniques in their products — if you use different vendors' products, it is harder to attack," he says.




I 


I 


Search 


on  www 


The  World  Of 
Work  Is  Changing 
Every  Week. 


Computerworld  -  InfoWorld  -  Network  World  -  November  29,  2004 


NW112904E/MW/W.2 


NetworkWbrM 

Is  security  ripe 
■:~r^  fijSEs;  for  outsourcing? 


Colleges  cram  for  test  -  agamas  sasr- 

of  new  security  pians  siuiS  EiSSrla;  E£r?.r.E 

Keeping  track  of  NASCAR 


re  v»  ■Wvrp  «  swt  .■» 


Reading  someone  else’s  copy  of 

NetworkWorU 

Apply  for  your  own 

FREE 

subscription  today. 

my.nww.com/b04 

FREE  subscription 

(51  Issues) 


Apply  online  at:  my.nww.com/b04 


Apply  for  your  FREE 

Network  World  subscription  today! 


A  $129  value 

[  YOURS  FREE 

my.nww.com/b04 


is  the  place  where 
your  fellow  readers 
are  getting  a  jump 


on  even  more  of  the 


world’s  best  jobs. 


Now  combined  with 


CareerJournal.com, 
you  have  more  jobs 


to  choose  from. 


Stop  in  for  a  visit 
and 

see  for  yourself  at: 


www.itcareers.com 


SAS 

Applications 

Developer 


Seeking  SAS  Applications  De¬ 
veloper  to  plan,  develop,  test, 
document  computer  programs 
under  close  supervision  by 
applying  knowledge  of  SAS 
programming  techniques  and 
computer  systems  to  meet 
business  needs.  Use  SAS/BA- 
SIC,  SAS/MACRO,  SAS/PROC, 
SAS/STAT,  SAS/SQL,  PC  SAS, 
Mainframe  SAS,  DB2,  Crystal 
Reports,  JCL.  Analyze  client/ 
user  needs  to  design  new  pro¬ 
grams  for  implementation  of 
new  systems,  evaluate  user 
requests  for  new/modified  pro¬ 
gram  to  determine  feasibility, 
cost,  time  required,  and  com¬ 
patibility  with  current  system/ 
computer  capabilities.  Formu¬ 
late  plan  outlining  steps  to  de¬ 
velop  programs,  using  struc¬ 
tured  analysis  and  design. 
Convert  project  specifications 
into  sequence  of  detailed  in¬ 
structions  and  logical  steps  for 
coding  into  language 
processable  by  computer,  ap¬ 
plying  knowledge  of  computer 
prog,  techniques  and  computer 
languages.  Analyze,  review, 
alter  program  to  increase  op¬ 
erating  efficiency  and  adapt  to 
new  requirements.  Write  docu¬ 
mentation  to  describe  program 
development,  logic,  coding, 
corrections.  Requires  Bach¬ 
elors  or  equivalent  in  Comp. 
Science,  Statistic  Computing, 
or  MIS;  and  one  year  experi¬ 
ence  in  the  job  offered  or  re¬ 
lated  occupation  such  as  Pro¬ 
grammer  ,  Research  Asst., 
Statistician.  The  one  year  re¬ 
quired  experience  must  in¬ 
clude  six  months  applied  work 
experience  with  all  the  follow¬ 
ing  (employer  will  accept  ex¬ 
perience  gained  concurrently): 
SAS/BASIC,  SAS/MACRO, 
SAS/PROC,  SAS/STAT,  SAS/ 
SQL,  PC  SAS  and  Mainframe 
SAS,  DB2,  Crystal  Reports, 
JCL. Terms: 40 hrs. per wk., 8
a.m. - 5 p.m. $44,190 per year.
Location: Orlando, FL. Send
resume to: Workforce Program
Support, P.O. Box 10869, Tallahassee, FL 32302-0869. Refer to job order # FL-2579284.



For  over  20  years,  Syntel  employees  across  North  America,  Europe,  and 
Asia  have  helped  build  advanced  information  technology  systems  for  lead¬ 
ing  Fortune  500  companies  and  government  organizations  to  improve  their 
efficiency  and  competitiveness.  Today,  Syntel  professionals  are  building 
rewarding  careers  by  providing  solutions  in  e-business,  CRM,  Web  Design 
and  Data  Warehousing. 

Come  discover  why  Forbes  magazine  placed  Syntel  second  on  its  list  of 
“The  200  Best  Small  Companies  in  America"  and  Business  Week  ranked 
us #11 on its list of Hot Growth Companies.

Due  to  our  rapid  growth,  we  have  immediate,  full-time  opportunities  for 
both  entry-level  and  experienced  Software  Engineers,  Consultants, 
Programmers, Programmer/Analysts, Project Leaders, Project Managers,
Supervisors,  Database  Administrators,  Computer  Personnel  Managers 
and  Computer  Operations/Account  Managers/Account  Executives  with 
any  of  the  following  skills: 

Mainframe 

•  IMS  DB/DC  or  DB2,  MVS/ESA, 

COBOL,  CICS 


Focus,  IDMS  or  SAS 


DBA 

•  ORACLE  or  SYBASE 

Client-Server/WEB 

•  Siebel 

•  Websphere 

•  Com/DCom 

•  Web  Architects 

•  Datawarehousing 

•  Informix,  C  or  UNIX 

•  Oracle  Developer  or  Designer  2000 

•  JAVA,  HTML,  Active  X 

•  Web  Commerce 

• SAP/R3, ABAP/4 or FICO or MM & SD


•  DB2 


Oracle  Applications  &  Tools 

Lotus  Notes  Developer 

UNIX  System  Administrator 

UNIX,  C,  C++,  Visual  C++,  CORBA, 

OOD  or  OOPS 

WinNT 

Sybase,  Access  or  SQL  server 

PeopleSoft 

Visual  Basic 

PowerBuilder 

IEF 


Account  Executives,  Account  Managers  and 
Business  Development/ Account  Specialist 

positions  available. 

Some  positions  require  a  Bachelor's  degree,  others  a  Master's  degree.  We  also 
accept  the  equivalent  of  the  degree  in  education  and  experience. 

With Syntel (NASDAQ: SYNT), you’ll enjoy excellent compensation, full benefits, employee stock purchase plan and more. Please forward your resume and salary requirements to: Syntel, Inc., Attn: Recruiting Manager-LDII, 525 E. Big Beaver, Suite 300, Troy, MI 48083. Phone: 248-619-2800; Fax: 248-619-2888. Equal Opportunity Employer.


www.syntelinc.com


Computerworld  -  InfoWorld  -  Network  World  -  November  29,  2004 




Senior  Software  Engineer  to 
serve  as  development  lead  in 
design  &  development  of  real 
time  pricing  application  servers 
and  adapters  and  run  time 
libraries  on  UNIX  (Solaris)  plat¬ 
form  using  C/C++,  Java,  Perl, 
Rogue  Wave  libraries,  TIBCO 
APIs,  and  locally  developed 
FPX-API.  Responsible  for  pro¬ 
ject  management;  definition  of 
technical  requirements;  vendor 
&  client  communication  and  task 
coordination  among  team  mem¬ 
bers.  Assist  infrastructure  team 
in  installation  &  verification  tasks 
in  production  environment; 
develop  User  Exit  shared 
libraries  for  release  3.0  reengi¬ 
neering  project;  support  &  main¬ 
tain  mapping  tables  and  TIBCO 
data  dictionary;  provide  techni¬ 
cal  &  application  support  for 
pricing  applications  &  TIBCO 
software  components;  solve 
data  content  issues  that  occur  in 
production  &  provide  training 
courses  to  support  engineers. 
Requires  Bachelor's  in  Comp. 
Sci.,  Eng.,  Math,  or  Physics  plus 
3  years  exper  in  Job  Offered  OR 
3  yrs  in  design  &  implementation 
of  market  data  feed  middleware. 
Candidate  must  also  possess 
demonstrated  expertise  in  the 
following;  developing  data 
extraction  and  normalization 
applications  and  middleware 
using  Rogue  Wave  APIs  and 
TIBCO APIs in UNIX/LINUX
environment;  in  object-oriented 
design,  analysis  &  programming 
in  C++,  Java,  Perl  and  Shell 
scripts;  and  in  performance  tun¬ 
ing  and  memory  management 
using  Rational  Quantify  and 
Purify,  and  in  source  control 
management  and  defect  track¬ 
ing  using  Rational  ClearCase 
and  ClearQuest.  Salary: 
$86,200/yr,  M-F,  9PM-5PM. 
Send  2  copies  of  resume/letter 
of  application  to  Job  Order  #: 
2004-484,  P.O.  Box  989, 
Concord,  NH  03302-0989. 
EOE.  Applicants  must  be  U.S. 
workers  eligible  to  accept  full¬ 
time  employment  in  U.S. 


F/T  Jr.  Software  Engineer.  Re¬ 
sponsible  for  developing  full  life- 
cycle  object  oriented  software. 
Design  of  application's  specifi¬ 
cations  using  JNI,  JMS,  Signed 
Applet,  JAAS  Security  using 
Struts  1.1,  JMX,  XML,  Apache 
Tomcat,  Visual  Source  Safe, 
UML  modeling  using  Rational- 
Rose  98  and  ErEwin.  Enhance¬ 
ment  of  applications  documenta¬ 
tion  of  software  user  require¬ 
ments,  running  a  real  time  oper¬ 
ating  system  viz  Windows  95, 
98,  2000,  NT,  and  LINUX  using 
JAVA  RMI.  Application  server 
deployment  using  JRUN  3.2, 
JBOSS  3.0.0  and  Netscape 
Application  Server  4.0.  Must 
have  a  Bachelor's  degree  in 
Electronics  Engineering,  related 
field  or  foreign  degree  equiva¬ 
lent.  Must  have  2  yrs.  of  exp.  in 
job  offered  or  a  position  with 
same  duties.  Salary:  Competi¬ 
tive.  Send  resume  to:  Srivatsan 
Ramchandran,  AMI,  6145-F 
Northbelt  Pkwy.,  Norcross,  GA 
30071. 


Client  Server  Operations 
Specialist  -  Clarify 
Administration 

Provide  technical  administration 
&  customization  for  the  Clarify 
CRM  product  (application)  in 
Windows NT/2000/XP, i.e.,
Clarify  maintenance,  customiz¬ 
ing  forms,  system  architecting, 
system  re-engineering,  data¬ 
base  optimizations,  integrating 
user  interface,  database  model¬ 
ing,  database  tuning.  Creating 
prototypes,  writing  shell  scripts, 
triggers,  stored  procedures, 
code  migration  &  testing.  40 
Hrs., M-F, 9am-6pm, Job located
in Miami, FL, $56,000. Req.
B.S.  or  equiv.  in  Computer  Sc., 
Engineering  or  Math,  &  2  Yrs. 
Exp.  Resumes  to:  Agency  for 
Workforce  Innovation  P.O.  Box 
10869,  Tallahassee,  FL  32302. 
Ref.  Job  Order  #2579780. 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  SYSTEMS/BUSINESS/ 
PROGRAMMER  ANALYSTS 

•  PROCESS  CAPABILITY 
ANALYST 

•  QC  ANALYST 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 
SKILLS: 

•  COLD  FUSION  •  SPECTRA 

• ORACLE • VISUAL BASIC

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML, UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

• SMALLTALK • PL/SQL

•  VISUAL  AGE  •  COBOL,  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 
Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


Computer  Professionals 
(Multiple  Openings) 

Software Engineer/Systems Analyst/Database Administrator/
Network Administrator Milwaukee,
WI. Must have bachelors
degree  or  equivalent  and  experi¬ 
ence  in  some  of  the  following 
skills:  C/C++,  Java,  Web  Meth¬ 
ods,  Cold  Fusion,  Microsoft  Te¬ 
chnologies  (Visual  Basic,  .NET, 
ASP)  CRM  (Siebel,  Clarify,  Vant- 
ive),  Middle  Ware  Technologies 
(Orbix,  Corba,  Tibco,  Vitria)  Data 
Ware  Housing  Tools  (Informati¬ 
cs,  Data  Stage,  Abinitio,  Busin¬ 
ess  Objects,  Cognos,  Micro 
Strategy,  Brio)  ERP  (SAP,  Peo¬ 
ple  Soft,  Oracle  Apps,  Baan), 
Mainframe  (Cobol,  CICS,  JCL, 
VSAM)  AS400,  Ecommerce, 
Databases  (SQL  Server/Oracle/ 
DB2/Sybase),  Microsoft  Win¬ 
dows  (95/98/NT/2000, Exchange 
),  UNIX  (Sun  Solaris,  HP,  AIX), 
Linux  and  QA  (Win  Runner, 
Load  Runner,  Silk,  Quickpro, 
Manual Testing). Position requirement: Must be willing to
travel and/or relocate per project specification. Mail your
resumes to: jobs@iksolutionsinc.com or Human Resource
Director, IK Solutions Inc, 1840
N. Farwell Ave, Suite # 306,
Milwaukee, WI 53202.


Programmer/Analyst  needed  for 
Software  Development,  Services 
& BPO firm located in Burlington,
VT.  Job  duties  include:  Analyze, 
design,  implement  and  code 
applications  for  clients  located 
throughout  the  U.S.  Use  J2EE 
technologies,  WebLogic,  EJB, 
Webmethods,  and  Ariba. 
Applicant  must  have  B.S.  degree 
in  Computer  Science,  Business, 
Math  or  Engineering.  Applicant 
must  also  have  2  yrs.  exp.  in  the 
job  duties  described  above  or  in 
any  computer  related  occupation 
which  must  include  skills  listed 
above.  40hrs/wk,  8:00am- 
5:00pm,  Mon-Fri,  $60,000/yr. 
Send  resumes  to:  Job  No. 
29790,  P.O.  Box  488,  Montpelier, 
VT  05601-0488. 


Software  Engineers:  Design/ 
develop  internet  appls.  in  Win¬ 
dows/Unix  applying  OO  tech.  & 
using  C/C++,  Java,  JSP,  Servlet 
&  EJB;  design  appls.  for  pricing 
engine  to  obtain  data  fr.  Oracle 
db  using  Tuxedo,  ProC,  Trig¬ 
gers,  Unix  Shell  Scripts,  PL/ 
SQL,  &  Weblogic;  develop  GUI 
screen  using  JavaScript,  HTML 
and  VB;  troubleshooting,  testing 
and  debugging.  Require  BS/BA 
or  the  equivalent  in  Comp.Sci., 
Engr,  MIS,  or  in  a  closely  related 
field  plus  min. 3  yrs  exp.  and  be 
able  to  perform  all  duties  on  the 
day  of  employment.  Full  time. 
Resume  to  The  Crawford  Group, 
Inc.  at  isjobs@erac.com.  Re¬ 
fer  to  CW11/29/04SRSWE  in  the 
subject  line.  NO  CALL/EOE. 


IT  Technical  Lead,  Web  Dvlp., 
Wachovia  Corp.,  Charlotte,  NC. 
Dev.,  analyze  &  implement  soft, 
systems  for  global  fixed  income 
trading.  Reqs.  BA  in  Elect,  or 
Comp.  Eng.  &  4yrs.  exp  in  pos. 
offd  or  as  Analyst  Prog., 
Member  IT  Tech.  Staff  or  Soft. 
Prog.  4  yrs  must  incl.  dev.  soft, 
programs  using  J2EE.  C++, 
Java,  Weblogic,  Sybase,  JSP, 
EJB,  JDBC,  Webservices,  JMS 
& XML/XSLT, with 1yr dev. exp.
w /  ECLIPSE  platform.  6ms. 
exp.  dev.  foreign  exch.  techn. 
bus.  model  for  online  &  trading 
apps.  utilizing  elect,  trading 
platforms/servers.  M-F,  8-5, 
Send  resume  to  Meredith 
Elberson,  Wachovia  Corp.,  401 
S.  Tryon  Street,  15th  Floor, 
Charlotte,  NC  28288-0475.  No 
phone  calls. 


Programmer/Analyst  needed  for 
Software  Development,  Services 
&  BPO  firm  located  in  Burlington, 
VT.  Job  duties  include:  Analyze, 
design,  develop  and  implement 
computer  applications  for  clients 
located  throughout  the  U.S.  Use 
Java,  XML,  Tomcat,  Rational 
Rose,  Oracle  and  J2EE  tech¬ 
nologies.  Applicant  must  have 
B.S.  degree  in  Computer 
Science,  Business,  Math  or 
Engineering.  Applicant  must  also 
have  1  yr.  exp.  in  the  job  duties 
described  above  or  in  any  com¬ 
puter  related  occupation  which 
must  include  skills  listed  above. 
40hrs/wk,  8:00am-5:00pm,  Mon- 
Fri,  $60,000/yr.  Send  resumes 
to:  Job  No.  29816,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 


Software Engineers & Programmer Analysts needed for RI
based IT firm. Will need Bach +
2  yrs  of  exp  for  Jr.  Lvl  positions 
or  Masters  +1  yr  or  Bach  +  5  yrs 
exp  for  Sr.  Lvl  Positions  with 
Various  skills  req:  SAP,  People- 
Soft,  Siebel,  Oracle  ERP,  Busin¬ 
ess  Objects,  Cognos,  Oracle, 
Informatica,  Java,  C,  C++,  Win 
NT,  UNIX,  HTML,  DHTML,  DB2, 
JavaScript,  VB,  COM,  SQL 
Server,  ASP,  Servlets,  PL/SQL, 
Perl,  Sun  Solaris,  CISCO, 
DHCP/DNS/  WINS,  Cisco  PIX 
firewalls,  CISCO  IP  Telephony. 
Apply  with  2  copies  of  resume  to 
H.R.  Dept,  MCS  Global,  Inc., 
One  Richmond  Square,  Suite  # 
134C, Providence, RI 02906.


S/ware  Consultancy  firm  in 
Metro  Atlanta  area  seeks  follow¬ 
ing  people  with  B.S.  in  Comp 
Sci,  Engg  or  equiv  plus  2  yrs  exp 
as  indicated: 

•  Software  Engineers  (multiple 
positions):  2  yrs  exp  in  Web 
apps  with  ColdFusion  or  ASP, 
Oracle  or  SQL  server  reporting, 
Crystal  Reports,  and  JavaScript 

•  Business  Analyst:  2  yrs  exp  in 
SAP  SD  and  BW  for 
business/financial  systems. 

Respond  to:  HR  Dept.,  Horizon 
Int'l  Trd.,  Inc.,  1875  Graves 
Road,  Norcross,  GA  30093. 


Software  Engineer  to  participate 
in  full  cycle  of  software  engin¬ 
eering  activities  and  lead  team 
in  analysis  of  requirements,  de¬ 
sign,  development  and  mainte¬ 
nance  of  applications  and  tech¬ 
nical  specifications;  testing;  im¬ 
plementation  and  documenta¬ 
tion.  Requires  BS  in  Computer 
Science,  Engineering  or  closely 
related  field  plus  4  yrs  experi¬ 
ence  as  Applications  Developer 
of  applications  for  auto  industry 
which  must  include  Web  Logic, 
ClearCase,  ClearQuest,  Ration¬ 
al  Rose,  Load  Runner,  J2EE. 
Send  resume  to  IS  Human 
Resources,  Attn:  JMVL,  Craw¬ 
ford  Group,  600  Corporate  Park 
Dr.,  St.  Louis,  MO  63105. 


DBA/SysDev  -  Louisville,  KY 
management  and  tech  consult¬ 
ing  firm  seeks  individual  to: 
Analyze  client  tech  needs, 
develop  computer  databases/ 
systems  using  structured  analy¬ 
sis,  data  modeling,  and  informa¬ 
tion  engineering;  Coordinate 
computer  program  installation 
and  maintenance;  monitor  and 
modify  existing  databases;  de¬ 
velop  eBusiness  models  for 
clients  using  webFocus  main¬ 
frame,  webFocus  MAINTAIN, 
webFocus  Developer  Studio, 
Visual  Basic,  java,  Cold  Fusion, 
ASP.net  and  C++.  Identify 
growth  opportunities,  risks,  and 
solutions;  install  and  configure 
SQL  server  2000  Database  and 
Oracle  9i;  write  reports  using 
webFocus  MAINTAIN;  devel¬ 
op/administer  client/server  apps, 
multimedia,  and  Internet  tech¬ 
nology,  including  websites  using 
Cold  Fusion.  Req:  Bachelors 
Degree  in  Computer  Science  or 
related  field.  Three  years  of  DBA 
or  SysDev  experience;  One  year 
of  IT  healthcare  industry  experi¬ 
ence;  Travel.  Submit  resume 
with  references  to  QI3,  291  N. 
Hubbards  Lane,  Suite  B26-187, 
attn:  HR-ITC-DBA042,  Louis¬ 
ville,  KY  40207. 


Siebel  Technical  Architect 
Customize  &  implement  Siebel 
CRM  package  with  information 
systems  including  analysis, 
requirements  definition,  design, 
construction  &  integration  with 
company  applications.  40  Hrs., 
M-F,  9am-5:30pm,  Job  located 
in  Miami,  FL,  $73,000.  Req:  B.S. 
or  equiv.  in  Computer  Sc., 
Engineering  or  Math  &  2  yrs  of 
exp.  Resumes  to:  Agency  for 
Workforce  Innovation  P.O.  Box 
10869  Tallahassee,  FL  32302. 
Ref.  Job  Order  #FL-2579777 


Programmer  Analyst:  Develop 
info.  sys.  on  Unix/Linux  plat¬ 
forms  with  duties  of:  web  appls. 
migration  fr.  CGI/Perl/Javascript/ 
Informix to Apache / Mod_Perl /
MySQL  /  XML  /  pdflib  with  HTML 
Template;  C++/Win  32  API/ 
Pro*C,  Java/JNI/Swing  and  In¬ 
formix  4GL  appls.  enhancement 
and  conversion  to  Perl/TK;  Ap¬ 
ache  configuration  and  web/db 
appls.  tuning;  reprogramming 
automated  codes  including  Unix 
shell  scripts;  tech,  support  & 
user  training.  Require  BS  in 
Comp.  Sc.,  CIS,  or  MIS  plus  6 
mon.  exp.  Full-time.  Apply  to: 
Mark  Shashek,  VP-CIO, 
Cassens  Transport  Co.  145  N. 
Kansas  St.  Edwardsville,  IL 
62025.  NO  CALL/EOE. 





■  Network  World.  118  Turnpike  Road,  Southborough, 
MA  01772-9108,  (508)  460-3333. 

Periodicals  postage  paid  at  Southborough,  Mass.,  and  additional 
mailing  offices.  Posted  under  Canadian  International  Publication 
agreement  #40063800.  Network  World  (ISSN  0887-7661)  is  pub¬ 
lished  weekly,  except  for  a  single  combined  issue  for  the  last  week 
in  December  and  the  first  week  in  January  by  Network  World,  Inc., 
118  Turnpike  Road,  Southborough,  MA  01772-9108. 

Network  World  is  distributed  free  of  charge  in  the  U.S.  to  qual¬ 
ified  management  or  professionals. 

To  apply  for  a  free  subscription,  go  to  www.subscribenw.com  or 
write  Network  World  at  the  address  below.  No  subscriptions 
accepted  without  complete  identification  of  subscriber's 
name,  job  function,  company  or  organization.  Based  on  the 
information  supplied,  the  publisher  reserves  the  right  to  reject 
non-qualified  requests.  Subscriptions:  1-508-490-6444. 

Nonqualified  subscribers:  $5.00  a  copy;  U.S.  -  $129  a  year; 
Canada  -  $160.50  (including  7%  GST,  GST#  126659952);  Central 
&  South  America  -  $150  a  year  (surface  mail);  Europe  -  $205  a 
year  (surface  mail),  all  other  countries  -  $300  a  year  (airmail 
service).  Four  weeks  notice  is  required  for  change  of  address. 
Allow  six  weeks  for  new  subscription  service  to  begin.  Please 
include  mailing  label  from  front  cover  of  the  publication. 




Network  World  can  be  purchased  on  35mm  microfilm 
through  University  Microfilm  Int.,  Periodical  Entry  Dept.,  300 
Zebb  Road,  Ann  Arbor,  Mich.  48106. 

PHOTOCOPYRIGHTS:  Permission  to  photocopy  for  internal 
or  personal  use  or  the  internal  or  personal  use  of  specific 
clients  is  granted  by  Network  World,  Inc.  for  libraries  and  other 
users  registered  with  the  Copyright  Clearance  Center  (CCC), 
provided  that  the  base  fee  of  $3.00  per  copy  of  the  article,  plus 
50  cents  per  page  is  paid  to  Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  Mass.  01970. 

POSTMASTER:  Send  Change  of  Address  to  Network  World  P.O. 
Box  3090,  Northbrook,  IL  60065.  Canadian  Postmaster:  Please  return 
undeliverable  copy  to  PO  Box  1632,  Windsor,  Ontario  N9A7C9. 




Copyright  2004  by  Network  World,  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing  in  Network  World  is  forbid¬ 
den  without  written  permission. 

Reprints  (minimum  500  copies)  and  permission  to  reprint  may 
be  purchased  from  Reprint  Management  Services  at  (717)  399- 
1900  x124  or  rtry@rmsreprints.com. 

USPS 735-730


■  Network  World,  Inc. 

118 Turnpike Road, Southborough, MA 01772
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 

Evilee Thibeault, CEO/Publisher
John  Gallant,  President/Editorial  Director 
W.  Michael  Draper,  Chief  Operating  Officer 
Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty  Amaro-White,  Event  Finance  Manager 

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Sr.  Human  Resources  Generalist 

MARKETING 

TerryAnn  Croci,  Sr.  Director  of  Customer  Experience 
Nancy  Sarlan,  Corporate  Marketing  Communications  Mgr. 
Barbara  Sullivan,  Senior  Research  Analyst 
Judy  Schultz,  Marketing  Design  Manager 
Cindy  Panzera,  Marketing  Designer 
PRODUCTION  SERVICES 

Greg  Morgan,  Senior  Director,  Production  Services 
Karen  Wallace,  Senior  Director,  Advertising  Operations 
Mike  Guerin,  Senior  Production  Specialist 
Jami Thompson, Production Coordinator
Veronica Trotto, Online Operations Coordinator
Maro Eremyan, Advertising Coordinator
Christina Pankievich, Advertising Coordinator
Lisa Thompson, Online Ad Traffic Coordinator
CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Bobbie  Cruse,  Subscriptions  Manager 
Mary McIntire, Circulation Marketing Manager

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

Bob  Wescott,  Distribution  Manager/(508)  879-0700 
IDG  LIST  RENTAL  SERVICES 

Amy  Bonner,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

Toll  free:  (800)  434-5478  ext.  6026/Direct:(508)  370-0826 

Fax:  (508)  370-0020 

SEMINARS,  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Neal  Silverman,  Vice  President  of  Events 
Michele  Zarella,  Director  of  Operations 
Dale  Fisher,  Event  Planner 
Dori  Smith,  Event  Operations  Manager 
Jacqueline DiPerna, Event Coordinator
Karen  Bornstein,  Sales  Operations  Specialist 
Andrea  D'Amato,  Sales  Director/Strategic  Partnerships 
Kristin  Ballou-Cianci,  Event  Regional  Account  Director 
Maureen  Riley,  Event  Regional  Account  Director 
Mark  Hollister,  Senior  Director  of  Event  Marketing 
Debra  Becker,  Dir.,  Marketing  &  Audience  Development 
Sara  Nieburg,  Senior  Marketing  Manager 
ONLINE  SERVICES 

Kevin  Normandeau,  Vice  President,  Online 

Dan  Gallagher,  Director  of  Audience  Development,  Online 

Adam  Gaffin,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Sr.  Online  Copy  Chief 

Deborah  Vozikis,  Design  Manager  Online 

CLIENT  SERVICES 

W.  Michael  Draper,  Chief  Operating  Officer 
Sharon  Stearns,  Director  of  Client  Services 
Leigh  Gagin,  Client  Services  Manager 
INFORMATION  SYSTEMS/BUSINESS  SERVICES 
W.  Michael  Draper,  Chief  Operating  Officer 
Tom  Kroon,  Director  of  Systems  Development 
Anne  Nickinello,  Senior  Systems  Analyst 
Puneet Narang, Manager of Database Technologies
William  Zhang,  Senior  Software  Engineer 
Manav  Seghal,  Software  Engineer 
Rocco  Bortone,  Director  of  Network  IT 
Peter  Hebenstreit,  Senior  Network/Telecom  Engineer 
Kevin  O'Keefe,  Systems  Support  Manager 
Brian  Wood,  Senior  Systems  Support  Specialist 
Frank  Coelho,  Senior  Manager,  Business  Services 
Mark  Anderson,  Business  Services  Supervisor 
Linda  Cavanagh,  Business  Services  Administrator 


Sales  Offices 


Carol  Lasker,  Associate  Publisher/Vice  President 
Jane  Weissman,  Sales  Operations  Coordinator 
Internet:  clasker,  jweissman@nww.com 
(508) 460-3333/FAX: (508) 460-1237

New  York/New  Jersey 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Account  Director 
Agata  Joseph,  Sales  Associate 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  634-2300/FAX:  (201)  634-9286 

Northeast 

Elisa  Della  Rocco,  Regional  Account  Director 

Internet:  elisas@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 

Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
Agata  Joseph,  Sales  Associate 
Internet:  jdibian,  ajoseph@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 

Midwest/Central 

Eric  Danetz,  Regional  Account  Director 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 

Southeast 

Don  Seay,  Regional  Account  Director 
Agata  Joseph,  Sales  Associate 
Internet:  dseay,  ajoseph@nww.com 
(404)  504-6225/FAX:  (404)  504-6212 

Northern  California/Northwest 

Sandra Kupiec, Associate Publisher, Western Region
Karen Wilde, Regional Account Director
Courtney Cochrane, Regional Account Director
Vanessa Tormey, Regional Account Manager
Teri  Marsh,  Sales  Assistant 
Internet:  skupiec,  kwilde,  ccochrane,  vtormey, 
tmarsh@nww.com 
(510)  768-2800/FAX:  (510)  768-2801 

Southwest/Rockies

Becky Bogart Randell, Regional Account Director
Victoria  Gonzalez,  Sales  Assistant 
Internet:  brandell,  vgonzalez@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 

Online/Custom Publishing

Kevin  Normandeau,  Vice  President,  Online 

Susan  Cardoza,  National  Sales  Director,  Integrated  Solutions 

Scott  Buckler,  Director  of  Integrated  Solutions 

Stephanie  Gutierrez,  Online  Acct.  Manager,  Integrated  Solutions 

Michael  Hiatt,  Director  of  Integrated  Solutions 

James  Kalbach,  Director  of  Integrated  Solutions 

Debbie  Lovell,  Online  Account  Manager,  Integrated  Solutions 

Kate  Zinn,  Director  of  Integrated  Solutions 

Denise  Landry,  Sales  Coordinator 

Internet:  knormandeau,  scardoza,  sbuckler,  sgutierrez, 

mhiatt,  jkalbach,  dlovell,  kzinn,  dlandry@nww.com 

(508)  460-3333/FAX:  (508)  861-0467 


MARKETPLACE/EMERGING  MARKETS 

Donna  Pomponi,  Director  of  Emerging  Markets 

Enku  Gubaie,  Manager  of  Marketplace/Emerging  Markets 

Caitlin  Horgan,  Manager  of  Marketplace/Emerging  Markets 

Jennifer  Moberg,  Manager  of  Marketplace/Emerging  Markets 

Chris  Gibney,  Sales  Operations  Coordinator 

Internet:  dpomponi,  egubaie,  chorgan,  jmoberg, 

cgibney@nww.com 

(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

Vice President, Nancy Percival; Western Regional Manager,
Caroline Garcia; Central Regional Manager, Laura Wilkinson;
Central/Western Account Executive, Mark Dawson; Eastern
Regional Manager, Jay Saveli; Eastern Account Executive,
Danielle Tetreault; Sales/Marketing Associate, Deborah
Green

(800)  762-2977/FAX:  (508)  875-6310 


■  IDG 

Patrick  J.  McGovern,  Chairman  of  the  Board 
Pat  Kenealy,  CEO 

Network  World  is  a  publication  of  IDG,  the  world's  largest 
publisher  of  computer-related  information  and  the  leading 
global  provider  of  information  services  on  information  tech¬ 
nology.  IDG  publishes  over  275  computer  publications  in  75 
countries.  Ninety  million  people  read  one  or  more  IDG  publi¬ 
cations  each  month.  Network  World  contributes  to  the  IDG 
News  Service,  offering  the  latest  on  domestic  and  interna¬ 
tional  computer  news. 



BackSpin Mark Gibbs

Linux  violates  more  than  228  patents  -  big  deal 


“There was a report out this summer by an open source group that highlighted that Linux violates over 228 patents. ... So the licensing costs are less clear than people think today.”

That’s Microsoft CEO Steve Ballmer doing his level best to scare the bejesus out of corporate buyers who might think Linux looks good.

Of course, Microsoft upped the ante a few weeks ago by expanding its intellectual property indemnification program in an obvious attempt to appeal to customer paranoia, and to a greater or lesser extent it will work.

But how big is the risk from open source software? As with much of Microsoft’s spin these days, Ballmer was being, shall we say, “economical with the truth.” The report he was referring to came from a consultancy named Open Source Risk Management (OSRM).

Now you might assume that OSRM is somehow on Microsoft’s side in the open source vs. proprietary software argument, but nothing could be further from the truth. OSRM describes its mission as being based on a vision “of a world ‘made safe for open source’ — a world in which the unique freedoms and efficiencies of the open source software development model are fully protected through comprehensive, low-cost vendor-neutral open source protection available to end users, developers and vendors.”

So how did Ballmer make fast and loose with OSRM’s findings? Here’s what the report actually says: “While patents certainly do not spell doom for royalty-free distribution of Linux; there is a level of patent infringement risk that Linux users and developers should be mindful of and prepared to address.”

OK,  a  little  disheartening  but  stick  with  me  here: 
“More  specifically  the  study  found  that  not  a  single 
software  patent  fully  reviewed  and  validated  by  the 
courts  is  infringed  by  the  Linux  kernel.”  Ah-ha! 

The report carries on: “Yet, the study also determined that 283 software patents not yet reviewed by the courts could potentially be used to support claims of infringement against Linux. To be clear, this is not a level of potential infringement greater than that of proprietary software; comparable proprietary software faces the same level of potential infringement.”

In other words, Windows is at least open to as
much of a challenge over its intellectual property as
Linux is. The OSRM report’s author, Dan Ravicher,
quoted in Linux Today, pointed out that “not a single
open source software program has ever been sued
for patent infringement, much less be found to
infringe. On the contrary proprietary software, like
Windows, is sued and found guilty of patent infringement
quite frequently.”

Ravicher also pointed out that the number of untested
patents that Linux violates “is so average as to
be boring; almost any piece of software potentially
infringes at least that many patents.”

But what we have here is a bigger issue than Microsoft’s
spin or the risk of end-user liability from
using open source. That issue is the dampening effect
that market uncertainty causes and the expensive
and ugly legal mess that intellectual property
suits cause. The only winners in these cases are
lawyers and occasionally one of the flotilla of
intellectual property aggregators — the companies
that acquire the property to shake down product
manufacturers.

Two  things  need  to  happen.  First,  we  need  the  laws 
changed  to  make  software  patents  less  easily 
abused.  Second,  we  need  Microsoft  to  stop  with  the 
incessant  spin  doctoring.  Enough  is  enough,  Steve! 

I believe there is a chance for the first thing to happen.
There’s a lot of pressure from U.S. developers
and from the European Union to create a more
rational patent system. As for the second, I hold out
very little hope.

Pipe  dreams  to  backspin@gibbs.com. 


'Net Buzz

News, insights, opinions and oddities


By  Paul  McNamara 


Up  close  and  too  personal 

You  don't  want  to  be  Donna  (so  much 
so  that  Donna  isn't  her  real  name).  You 
don’t  want  to  be  Donna’s  apparent  cad  of  a  paramour,  who  won't  be  named  here 
either  only  because  his  identity  isn't  relevant.  And  you  probably  don't  want  to  be 
either  person’s  employer. 

One way to avoid such a fate is to start monitoring your outbound e-mail, says
Roger Matus, CEO of Audiotrieve. His young company, founded by a group of
speech-recognition specialists from Dragon Systems, makes a Bayesian anti-spam
product called InBoxer that has garnered positive reviews since launching
in July 2003. Audiotrieve is looking to extend that technology to help control outbound
e-mail, a market opportunity drawing intense interest from a variety of
vendors that recognize the regulatory burdens and legal liabilities spawned by
irresponsible e-mail practices.

We'll  get  back  to  Donna  in  a  minute. 

“We started with the spam filter for inbound e-mail but discovered that the bigger
problem was actually outbound,” Matus says. “Inbound is an annoyance; outbound
can cost you millions” in sexual harassment judgments and regulatory infractions.
Forty-three percent of companies employing more than 20,000 actually
have staffers spot check outbound e-mail, according to Forrester Research.

In  getting  started  on  its  latest  development  effort,  the  Audiotrieve  team  asked 
itself  this  question: 

“How do you take a spam filter and teach it about outbound mail? The first thing
you need is a very large database of e-mail,” Matus says. “Most companies really
aren't willing to hand that over to you. They’re very happy to give you lists of spam,
because they don’t care about that. But in terms of their own corporate executives’
communications, well, we haven't gotten a volunteer yet. We asked several
people, we promised to sign non-disclosures, but the moment we say ‘I need to
see all of it because we want to know about the stuff that’s offensive, we want to
know about the stuff that involves a business deal . . . well, you can imagine if I
asked you for all of your mailbox.”

I  can  imagine  I’d  hang  up  on  him. 

Fortunately for Audiotrieve, 176 former Enron executives, support workers and
their correspondents (including Donna) had no choice in the matter. In March
2003, the Federal Energy Regulatory Commission posted online 1.5 million e-mails
between these people that were related to Enron's crooked power-trading activities
— a treasure trove not only for prosecutors but also software developers
looking to engineer a language-based e-mail management product.

As you might recall, that initial disclosure prompted howls of protest — highly
justified — because the pile of messages included all manner of personal information,
including Social Security numbers and bank records, as well as discussions
pertaining to divorce and child custody.

“That accounted for 8% of the database, which in itself is sort of a shocking
statistic,” Matus says. “That's a huge number of e-mails to have containing information
that you wouldn’t want somebody else to see.”

Speaking of information you wouldn’t want somebody else to see, this brings us
back to Donna. The very first e-mail in that mound of more than a million — it’s
true, I checked — reveals this plaintive plea from Donna to an Enron executive:

"So  . . .  you  were  looking  for  a  one-night  stand  after  all . . .?” 

Ouch. While most were more mundane than embarrassing, about 20% of the
Enron e-mail involved personal matters to one degree or another, according to
the Audiotrieve analysis. The language used by some executives in what was
ostensibly business correspondence was comically profane. And “there was
some pretty nasty stuff in there,” Matus says. “All the .JPEGs, all the .GIFs, it's
all there.”

Might  the  same  be  said  about  your  shop’s  e-mail? 

Don’t hold back. The address is buzz@nww.com.


DB2  DOESN’T  LOCK  YOU  IN. 

DB2  is  middleware,  but  it  is 
anything  but  middle-of-the-road. 

In  fact,  DB2  is  part  of  an  innovative 
family  of  information  management 
products  that  can  integrate  and 
actually  add  insight  to  your  data. 
That’s  big. 

DB2 is also the leading database
built on and optimized for
Linux, UNIX and Windows, built
to take full advantage of your
existing heterogeneous and open
environments, and built to enable
true grid computing.


Plus,  there’s  no  constricting  contract. 

DB2 is also middleware with an eye on
your resources. All of them. An ITG
study showed overall costs for Oracle
Database are up to four times higher
than DB2. A Solitaire study found that,
on average, Oracle Database required
25% more time to manage than DB2.
And the Transaction Processing
Performance Council showed DB2 as
the overall price/performance leader for
TPC-C on Linux, UNIX and Windows.
Ahead of both Oracle Database and
Microsoft SQL Server.


Then there’s this: Oracle will drop the
current level of support for Oracle
Database 8i at the end of 2004. Meaning
limited support, higher cost or a
complete migration to current versions.
Fortunately, IBM offers ongoing,
around-the-clock service and support for DB2.

Why  not  move  up  to  middleware  that 
makes  sense?  Through  the  end  of  the 
year,  you  can  get  IBM  DB2  Universal 
Database  by  taking  advantage  of 
our  extremely  compelling  trade-up 
promotion.  Visit  ibm.com/db2/swap 
today  to  find  out  if  you  qualify. 



IBM, the IBM logo, DB2 and the On Demand logo are trademarks or registered trademarks of International Business Machines Corporation in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Microsoft
and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries. UNIX is a registered trademark of The Open Group in the United States and/or other countries. Other company, product and
service names may be trademarks or service marks of others. ©2004 IBM Corporation. All rights reserved. “IBM Solutions for PeopleSoft deployment in Mid-sized businesses Quantifying the New Cost/Benefit Equation,” July 2003, International
Technology Group, Los Altos, California. “DB2 Performance on IBM eServer pSeries and xSeries,” Solitaire Interglobal Ltd., 2003: based on Oracle Database 9i. All referenced results are current as of 09/28/04. Linux: DB2 UDB v8.1: 1.61
US$/tpmC, 18,661 tpmC, available 12/15/04, vs Oracle 10g: 3.94 US$/tpmC, 136,111 tpmC, available 03/05/04. UNIX: DB2 UDB v8.1: 4.95 US$/tpmC, 809,144 tpmC, available 09/30/04, vs Oracle 10g: 5.26 US$/tpmC, 371,044 tpmC, available
09/30/04. Windows: DB2 UDB v8.1: 1.68 US$/tpmC, 18,318 tpmC, available 04/14/04, vs Microsoft SQL Server 2000: 1.85 US$/tpmC, 22,052 tpmC, available 02/18/04, vs Oracle 10g: 4.98 US$/tpmC, 291,413 tpmC, available 10/25/04. TPC
Benchmark, TPC-C and tpmC are trademarks of the Transaction Processing Performance Council. For further TPC-related information, please visit www.tpc.org.



The vast majority of attacks, including automated worms, are
performed against known vulnerabilities that have patches available.

October  2004 

Over  90%  of  security  exploits  are  carried  out  through 
vulnerabilities  for  which  there  are  known  patches. 


Gartner


Consistently  top-ranked  by  experts,  analysts  and  decision  makers,  PatchLink  Corporation  delivers 
best-of-class  patch  management  enterprise  security  and  system  management  solutions.  PatchLink 
has  been  the  definitive  patch  management  leader  since  1991.  Today,  thousands  of  companies 
around  the  world  depend  on  PatchLink  for  vulnerability  assessment,  remediation,  and  critical  patch 
updates  for  millions  of  nodes.  Go  with  the  leader,  PatchLink  -  The  Patch  Management  Experts. 



YOUR  FULLY  FUNCTIONAL  DEMO  OF  THE 

INDUSTRY  LEADING  PATCH  MANAGEMENT  SOLUTION 




